bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.
Max CVSS
5.0
EPSS Score
0.58%
Published
2014-12-17
Updated
2017-01-03
Graylog2 before 0.92 allows remote attackers to bypass LDAP authentication via crafted wildcards.
Max CVSS
5.0
EPSS Score
0.36%
Published
2014-12-08
Updated
2017-09-08
ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi.
Max CVSS
5.0
EPSS Score
0.13%
Published
2014-12-02
Updated
2014-12-03
The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attack on the administrative password.
Max CVSS
7.5
EPSS Score
0.28%
Published
2014-12-01
Updated
2014-12-01
MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPTCHA answer for a public_key parameter value, as demonstrated by E4652 for the public_key value 0.
Max CVSS
5.0
EPSS Score
0.64%
Published
2014-12-06
Updated
2017-09-08
DokuWiki 2014-05-05a and earlier, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a user name and password starting with a null (\0) character, which triggers an anonymous bind.
Max CVSS
5.0
EPSS Score
0.60%
Published
2014-10-22
Updated
2016-07-15
DokuWiki before 2014-05-05b, when using Active Directory for LDAP authentication, allows remote attackers to bypass authentication via a password starting with a null (\0) character and a valid user name, which triggers an unauthenticated bind.
Max CVSS
5.0
EPSS Score
0.60%
Published
2014-10-22
Updated
2016-07-15
The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP databases for both IPv4 and IPv6, or (2) IPv6 support with certain options.
Max CVSS
5.4
EPSS Score
0.90%
Published
2014-12-11
Updated
2019-07-30
The MySQL database in McAfee Network Data Loss Prevention (NDLP) before 9.3 does not require a password, which makes it easier for remote attackers to obtain access.
Max CVSS
7.5
EPSS Score
0.30%
Published
2014-10-29
Updated
2014-10-30
CA Cloud Service Management (CSM) before Summer 2014 does not properly verify authentication tokens from an Identity Provider, which allows user-assisted remote attackers to bypass intended access restrictions via unspecified vectors.
Max CVSS
6.8
EPSS Score
0.75%
Published
2014-11-04
Updated
2017-09-08

CVE-2014-8424

Public exploit
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.
Max CVSS
7.8
EPSS Score
89.78%
Published
2014-11-28
Updated
2014-11-28
Schrack Technik microControl with firmware before 1.7.0 (937) stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain access data for the ftp and telnet services via a direct request for ZTPUsrDtls.txt.
Max CVSS
10.0
EPSS Score
0.29%
Published
2014-10-20
Updated
2014-10-23
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with a null byte, which triggers an unauthenticated bind.
Max CVSS
5.0
EPSS Score
0.60%
Published
2014-10-22
Updated
2017-11-04
Google Chrome before 39.0.2171.65 on Android does not prevent navigation to a URL in cases where an intent for the URL lacks CATEGORY_BROWSABLE, which allows remote attackers to bypass intended access restrictions via a crafted web site.
Max CVSS
5.0
EPSS Score
0.42%
Published
2014-11-19
Updated
2017-09-08
HP HP-UX B.11.11, B.11.23, and B.11.31, when the PAM configuration includes libpam_updbe, allows remote authenticated users to bypass authentication, and consequently execute arbitrary code, via unspecified vectors.
Max CVSS
8.5
EPSS Score
0.35%
Published
2014-12-10
Updated
2019-10-09
Apache CloudStack 4.3.x before 4.3.2 and 4.4.x before 4.4.2 allows remote attackers to bypass authentication via a login request without a password, which triggers an unauthenticated bind.
Max CVSS
5.0
EPSS Score
0.12%
Published
2014-12-10
Updated
2018-10-09
The Crumb plugin before 3.0.0 for Node.js does not properly restrict token access in situations where a hapi route handler has CORS enabled, which allows remote attackers to obtain sensitive information, and potentially obtain the ability to spoof requests to non-CORS routes, via a crafted web site that is visited by an application consumer.
Max CVSS
5.8
EPSS Score
0.27%
Published
2014-12-25
Updated
2021-07-19
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.
Max CVSS
7.5
EPSS Score
1.00%
Published
2014-10-08
Updated
2014-10-09
Aruba Networks ClearPass before 6.3.5 and 6.4.x before 6.4.1 allows remote attackers to execute arbitrary commands via unspecified vectors, a different vulnerability than CVE-2014-5342.
Max CVSS
9.0
EPSS Score
0.22%
Published
2014-11-19
Updated
2014-11-19
Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 does not properly restrict access to unspecified administrative functions, which allows remote attackers to bypass authentication and execute administrative actions via unknown vectors.
Max CVSS
10.0
EPSS Score
0.53%
Published
2014-11-19
Updated
2014-11-19
The Policy Manager in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote authenticated users to gain privileges via unspecified vectors.
Max CVSS
9.0
EPSS Score
0.23%
Published
2014-11-19
Updated
2014-11-19
gpc_api.php in MantisBT 1.2.17 and earlier allows remote attackers to bypass authenticated via a password starting will a null byte, which triggers an unauthenticated bind.
Max CVSS
5.0
EPSS Score
0.37%
Published
2014-10-22
Updated
2021-01-12
Juniper Junos 11.4 before R12, 12.1 before R10, 12.1X44 before D35, 12.1X45 before D25, 12.1X46 before D20, 12.1X47 before D10, 12.2 before R8, 12.2X50 before D70, 12.3 before R6, 13.1 before R4-S3, 13.1X49 before D55, 13.1X50 before D30, 13.2 before R4, 13.2X50 before D20, 13.2X51 before D26 and D30, 13.2X52 before D15, 13.3 before R2, and 14.1 before R1, when a RADIUS accounting server is configured as [system accounting destination radius], creates an entry in /var/etc/pam_radius.conf, which might allow remote attackers to bypass authentication via unspecified vectors.
Max CVSS
7.5
EPSS Score
0.75%
Published
2014-10-14
Updated
2017-09-08
Outlook Web App (OWA) in Microsoft Exchange Server 2007 SP3, 2010 SP3, and 2013 SP1 and Cumulative Update 6 does not properly validate tokens in requests, which allows remote attackers to spoof the origin of e-mail messages via unspecified vectors, aka "Outlook Web App Token Spoofing Vulnerability."
Max CVSS
5.0
EPSS Score
0.95%
Published
2014-12-11
Updated
2018-10-12
IBM Security Access Manager for Mobile 8.x before 8.0.1 and Security Access Manager for Web 7.x before 7.0.0 FP10 and 8.x before 8.0.1 do not have a lockout period after invalid login attempts, which makes it easier for remote attackers to obtain admin access via a brute-force attack.
Max CVSS
5.0
EPSS Score
0.33%
Published
2014-12-18
Updated
2017-09-08
128 vulnerabilities found
1 2 3 4 5 6
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!