The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.
Max CVSS
7.5
EPSS Score
1.71%
Published
2014-07-31
Updated
2017-08-29
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-admin/admin-post.php and accessing the theme in wp-content/uploads/wysija/themes/mailp/.
Max CVSS
7.5
EPSS Score
38.76%
Published
2014-07-27
Updated
2014-07-28
The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does not properly consider unauthenticated-bind semantics, which allows remote attackers to bypass authentication via an empty password.
Max CVSS
6.8
EPSS Score
1.78%
Published
2014-07-02
Updated
2017-01-03
(1) iodined.c and (2) user.c in iodine before 0.7.0 allows remote attackers to bypass authentication by continuing execution after an error has been triggering.
Max CVSS
5.0
EPSS Score
2.58%
Published
2014-07-03
Updated
2014-07-07
The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02 and earlier allow remote attackers to bypass authentication, and consequently obtain sensitive credential and configuration data, via unspecified vectors.
Max CVSS
6.4
EPSS Score
0.28%
Published
2014-07-29
Updated
2014-07-30
The Shibboleth authentication plugin in auth/shibboleth/index.php in Moodle through 2.3.11, 2.4.x before 2.4.11, and 2.5.x before 2.5.7 does not check whether a session ID is empty, which allows remote authenticated users to hijack sessions via crafted plugin interaction.
Max CVSS
6.0
EPSS Score
0.34%
Published
2014-07-29
Updated
2020-12-01
The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or modify data in memory or a filesystem, via direct access to this interface, aka Bug ID CSCun77435.
Max CVSS
6.9
EPSS Score
0.09%
Published
2014-07-09
Updated
2017-08-29

CVE-2014-3120

Known exploited
Public exploit
The default configuration in Elasticsearch before 1.2 enables dynamic scripting, which allows remote attackers to execute arbitrary MVEL expressions and Java code via the source parameter to _search. NOTE: this only violates the vendor's intended security policy if the user does not run Elasticsearch in its own independent virtual machine.
Max CVSS
6.8
EPSS Score
53.21%
Published
2014-07-28
Updated
2016-12-06
CISA KEV Added
2022-03-25
Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
Max CVSS
10.0
EPSS Score
0.57%
Published
2014-07-14
Updated
2014-07-15
Unspecified vulnerability in HP SiteScope 11.1x through 11.13 and 11.2x through 11.24 allows remote attackers to bypass authentication via unknown vectors, aka ZDI-CAN-2140.
Max CVSS
7.5
EPSS Score
93.63%
Published
2014-07-07
Updated
2017-01-07

CVE-2013-6117

Public exploit
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perform other actions via a request to TCP port 37777.
Max CVSS
7.5
EPSS Score
95.62%
Published
2014-07-11
Updated
2014-07-14
11 vulnerabilities found
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!