Export limit exceeded: 367102 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (9606 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2014-1882 2 Adobe, Apache 2 Phonegap, Cordova 2025-04-12 N/A
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that leverages IFRAME script execution and directly accesses bridge JavaScript objects, as demonstrated by certain cordova.require calls.
CVE-2014-1883 1 Adobe 1 Phonegap 2025-04-12 N/A
Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.
CVE-2014-1884 3 Adobe, Apache, Microsoft 3 Phonegap, Cordova, Windows Phone 2025-04-12 N/A
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-resource restrictions via content that is accessed (1) in an IFRAME element or (2) with the XMLHttpRequest method by a crafted application.
CVE-2014-1885 2 Adobe, Hsgroup 2 Phonegap, Forzearmate 2025-04-12 N/A
The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-storage resources, by leveraging control over any Google syndication advertising domain.
CVE-2014-1886 2 Adobe, Edinburghtour 2 Phonegap, Edinburgh By Bus 2025-04-12 N/A
The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage resources, by leveraging control over one of a number of "obscure Eastern European dating sites."
CVE-2014-1887 2 Adobe, Drinkedin 2 Phonegap, Drinkedin Barfinder 2025-04-12 N/A
The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geolocation information, by leveraging control over one of a number of adult sites, as demonstrated by (1) freelifetimecheating.com and (2) www.babesroulette.com.
CVE-2015-1515 1 Softsphere 1 Defensewall Personal Firewall 2025-04-12 N/A
The dwall.sys driver in SoftSphere DefenseWall Personal Firewall 3.24 allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a crafted 0x00222000, 0x00222004, 0x00222008, 0x0022200c, or 0x00222010 IOCTL call.
CVE-2016-2352 1 Accellion 1 File Transfer Appliance 2025-04-12 N/A
The Accellion File Transfer Appliance (FTA) before FTA_9_12_40 allows remote authenticated users to execute arbitrary commands by leveraging the YUM_CLIENT restricted-user role.
CVE-2014-1933 2 Python, Pythonware 2 Pillow, Python Imaging Library 2025-04-12 N/A
The (1) JpegImagePlugin.py and (2) EpsImagePlugin.py scripts in Python Image Library (PIL) 1.1.7 and earlier and Pillow before 2.3.1 uses the names of temporary files on the command line, which makes it easier for local users to conduct symlink attacks by listing the processes.
CVE-2015-1499 1 Samsung 1 Samsung Security Manager 2025-04-12 N/A
The ActiveMQ Broker in Samsung Security Manager (SSM) before 1.31 allows remote attackers to delete arbitrary files, and consequently cause a denial of service, via a DELETE request.
CVE-2014-1957 1 Fortinet 1 Fortiweb 2025-04-12 N/A
FortiGuard FortiWeb before 5.0.3 allows remote authenticated users to gain privileges via unspecified vectors.
CVE-2014-1959 1 Gnu 1 Gnutls 2025-04-12 N/A
lib/x509/verify.c in GnuTLS before 3.1.21 and 3.2.x before 3.2.11 treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restrictions by leveraging a X.509 V1 certificate from a trusted CA to issue new certificates.
CVE-2016-2313 2 Cacti, Opensuse 3 Cacti, Leap, Opensuse 2025-04-12 N/A
auth_login.php in Cacti before 0.8.8g allows remote authenticated users who use web authentication to bypass intended access restrictions by logging in as a user not in the cacti database.
CVE-2014-1977 2 Google, Nttdocomo 2 Android, Spmode Mail Android 2025-04-12 N/A
The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail messages, which allows attackers to obtain sensitive information via a crafted application.
CVE-2014-1978 2 Google, Nttdocomo 2 Android, Spmode Mail Android 2025-04-12 N/A
The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card during e-mail composition, which allows attackers to obtain sensitive information via a crafted application.
CVE-2014-1986 1 Kokuyo 1 Camiapp 2025-04-12 N/A
The Content Provider in the KOKUYO CamiApp application 1.21.1 and earlier for Android allows attackers to bypass intended access restrictions and read database information via a crafted application.
CVE-2014-1989 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 3.0 through 3.7 SP3 allows remote authenticated users to bypass intended access restrictions and delete schedule information via unspecified API calls.
CVE-2014-1993 1 Cybozu 1 Garoon 2025-04-12 N/A
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
CVE-2014-1996 1 Cybozu 1 Garoon 2025-04-12 N/A
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.
CVE-2014-2033 1 Bluecoat 1 Proxysgos 2025-04-12 N/A
The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users to bypass intended access restrictions during a time window after account deletion or modification by leveraging knowledge of previously valid credentials.