bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.
Max CVSS: 5.0; Published: 2014-12-17; Updated: 2017-01-03; EPSS: 0.58%
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in the .k5users file of that user, which might bypass intended authentication requirements that would force a local login.
Max CVSS: 4.0; Published: 2014-12-06; Updated: 2017-09-08; EPSS: 0.24%
Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards.
Max CVSS: 5.0; Published: 2014-12-08; Updated: 2017-09-08; EPSS: 0.36%
ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi.
Max CVSS: 5.0; Published: 2014-12-02; Updated: 2014-12-03; EPSS: 0.12%
The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.
Max CVSS: 7.5; Published: 2014-12-01; Updated: 2014-12-01; EPSS: 0.26%
MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the public_key value 0.
Max CVSS: 5.0; Published: 2014-12-06; Updated: 2017-09-08; EPSS: 0.64%
The Collaboration Server in IBM InfoSphere Master Data Management Server for Product Information Management 9.x through 9.1 and InfoSphere Master Data Management - Collaborative Edition 10.x through 10.1, 11.0 before FP7, and 11.3 and 11.4 before 11.4 FP1 allows remote authenticated users to modify the administrator's credentials and consequently gain privileges via unspecified vectors.
Max CVSS: 4.0; Published: 2014-12-22; Updated: 2017-09-08; EPSS: 0.08%
DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
Max CVSS: 5.0; Published: 2014-10-22; Updated: 2016-07-15; EPSS: 0.60%
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
Max CVSS: 5.0; Published: 2014-10-22; Updated: 2016-07-15; EPSS: 0.60%
The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.
Max CVSS: 5.4; Published: 2014-12-11; Updated: 2019-07-30; EPSS: 0.90%
The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass intended DOM object restrictions by leveraging property availability after XrayWrapper removal.
Max CVSS: 4.3; Published: 2014-12-11; Updated: 2016-12-22; EPSS: 0.25%
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object restrictions via a call to an unspecified method.
Max CVSS: 4.3; Published: 2014-12-11; Updated: 2016-12-22; EPSS: 0.25%
The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access.
Max CVSS: 7.5; Published: 2014-10-29; Updated: 2014-10-30; EPSS: 0.27%
CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.
Max CVSS: 6.8; Published: 2014-11-04; Updated: 2017-09-08; EPSS: 0.75%
CVE-2014-8424 (public exploit exists): ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.
Max CVSS: 7.8; Published: 2014-11-28; Updated: 2014-11-28; EPSS: 89.78%
Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt.
Max CVSS: 10.0; Published: 2014-10-20; Updated: 2014-10-23; EPSS: 0.26%
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allow remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
Max CVSS: 5.0; Published: 2014-10-22; Updated: 2017-11-04; EPSS: 0.60%
The Disaster Recovery (DRA) feature on the Cisco ISB8320-E High-Definition IP-Only DVR allows remote attackers to bypass authentication by establishing a TELNET session during a recovery boot, aka Bug ID CSCup85422.
Max CVSS: 4.3; Published: 2014-12-17; Updated: 2014-12-17; EPSS: 0.15%
Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site.
Max CVSS: 5.0; Published: 2014-11-19; Updated: 2017-09-08; EPSS: 0.42%
HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors.
Max CVSS: 8.5; Published: 2014-12-10; Updated: 2019-10-09; EPSS: 0.35%
Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.
Max CVSS: 5.0; Published: 2014-12-10; Updated: 2018-10-09; EPSS: 0.12%
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site that is visited by an application consumer.
Max CVSS: 5.8; Published: 2014-12-25; Updated: 2021-07-19; EPSS: 0.27%
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.
Max CVSS: 7.5; Published: 2014-10-08; Updated: 2014-10-09; EPSS: 1.00%
Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342.
Max CVSS: 9.0; Published: 2014-11-19; Updated: 2014-11-19; EPSS: 0.22%
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors.
Max CVSS: 10.0; Published: 2014-11-19; Updated: 2014-11-19; EPSS: 0.53%
186 vulnerabilities found