Vulnerabilities (CVE)

Filtered by CWE-264
Total 5271 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2014-2572 1 Moodle 1 Moodle 2026-06-17 4.0 MEDIUM N/A
mod/assign/externallib.php in Moodle 2.6.x before 2.6.2 does not properly handle assignment web-service parameters, which might allow remote authenticated users to modify grade metadata via unspecified vectors.
CVE-2014-2552 1 Brookinsconsulting 1 Collected Information Export 2026-06-17 7.5 HIGH 9.8 CRITICAL
Brookins Consulting (BC) Collected Information Export extension for eZ Publish 1.1.0 does not properly restrict access, which allows remote attackers to gain access to sensitive data.
CVE-2014-2541 1 Tibco 3 Messaging Appliance, Rendezvous, Substantiation Es 2026-06-17 5.0 MEDIUM N/A
The Rendezvous Daemon (rvd), Rendezvous Routing Daemon (rvrd), Rendezvous Secure Daemon (rvsd), and Rendezvous Secure Routing Daemon (rvsrd) in TIBCO Rendezvous before 8.4.2, Messaging Appliance before 8.7.1, and Substation ES before 2.8.1 do not properly implement access control, which allows remote attackers to obtain sensitive information or modify transmitted information via unspecified vectors.
CVE-2014-2534 1 Blackberry 1 Qnx Neutrino Rtos 2026-06-17 4.9 MEDIUM N/A
/sbin/pppoectl in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to obtain sensitive information by reading "bad parameter" lines in error messages, as demonstrated by reading the root password hash in /etc/shadow.
CVE-2014-2533 1 Blackberry 1 Qnx Neutrino Rtos 2026-06-17 7.2 HIGH N/A
/sbin/ifwatchd in BlackBerry QNX Neutrino RTOS 6.4.x and 6.5.x allows local users to gain privileges by providing an arbitrary program name as a command-line argument.
CVE-2014-2532 2 Openbsd, Oracle 2 Openssh, Communications User Data Repository 2026-06-17 5.8 MEDIUM 4.2 MEDIUM
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring located before a wildcard character.
CVE-2014-2520 1 Emc 1 Documentum Content Server 2026-06-17 6.3 MEDIUM N/A
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL injection attacks and read sensitive database content via a crafted request.
CVE-2014-2515 1 Emc 1 Documentum D2 2026-06-17 8.5 HIGH N/A
EMC Documentum D2 3.1 before P24, 3.1SP1 before P02, 4.0 before P11, 4.1 before P16, and 4.2 before P05 does not properly restrict tickets provided by D2GetAdminTicketMethod and D2RefreshCacheMethod, which allows remote authenticated users to gain privileges via a request for a superuser ticket.
CVE-2014-2506 1 Emc 1 Documentum Content Server 2026-06-17 8.5 HIGH N/A
EMC Documentum Content Server before 6.7 SP1 P28, 6.7 SP2 before P14, 7.0 before P15, and 7.1 before P05 allows remote authenticated users to obtain super-user privileges for system-object creation, and bypass intended restrictions on data access and server actions, via unspecified vectors.
CVE-2014-2504 1 Emc 1 Documentum D2 2026-06-17 9.0 HIGH N/A
EMC Documentum D2 3.1 before P20, 3.1 SP1 before P02, 4.0 before P10, 4.1 before P13, and 4.2 before P01 allows remote authenticated users to bypass intended access restrictions and execute arbitrary Documentum Query Language (DQL) queries by calling (1) a core method or (2) a D2FS web-service method.
CVE-2014-2388 1 Blackberry 5 Blackberry Os, Q10, Q5 and 2 more 2026-06-17 6.1 MEDIUM N/A
The Storage and Access service in BlackBerry OS 10.x before 10.2.1.1925 on Q5, Q10, Z10, and Z30 devices does not enforce the password requirement for SMB filesystem access, which allows context-dependent attackers to read arbitrary files via (1) a session over a Wi-Fi network or (2) a session over a USB connection in Development Mode.
CVE-2014-2375 1 Ecava 1 Integraxor 2026-06-17 8.3 HIGH N/A
Ecava IntegraXor SCADA Server Stable 4.1.4360 and earlier and Beta 4.1.4392 and earlier allows remote attackers to read or write to arbitrary files, and obtain sensitive information or cause a denial of service (disk consumption), via the CSV export feature.
CVE-2014-2349 1 Emerson 1 Deltav 2026-06-17 6.2 MEDIUM N/A
Emerson DeltaV 10.3.1, 11.3, 11.3.1, and 12.3 uses hardcoded credentials for diagnostic services, which allows remote attackers to bypass intended access restrictions via a TCP session, as demonstrated by a session that uses the telnet program.
CVE-2014-2347 1 Amtelco 1 Misecuremessages 2026-06-17 7.0 HIGH N/A
Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request.
CVE-2014-2321 1 Zte 2 F460, F660 2026-06-17 10.0 HIGH N/A
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET service with specified credentials.
CVE-2014-2276 1 Emc 1 Connectrix Manager 2026-06-17 5.0 MEDIUM N/A
The FileUploadController servlet in EMC Connectrix Manager Converged Network Edition (CMCNE) before 12.1.5 does not properly restrict additions to the Connectrix Manager repository, which allows remote attackers to obtain sensitive information by importing a crafted firmware file.
CVE-2014-2273 1 Huawei 2 P2-6011, P2-6011 Firmware 2026-06-17 7.2 HIGH N/A
The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors.
CVE-2014-2268 1 Vtiger 1 Vtiger Crm 2026-06-17 5.0 MEDIUM N/A
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the X-Requested-With HTTP header, as demonstrated by executing arbitrary PHP code via the db_name parameter.
CVE-2014-2265 2 Rocklobster, Wordpress 2 Contact Form 7, Wordpress 2026-06-17 5.0 MEDIUM N/A
Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 parameter.
CVE-2014-2237 1 Openstack 1 Keystone 2026-06-17 5.0 MEDIUM N/A
The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, does not include this token in the trustee's token-index-list, which prevents the token from being invalidated by bulk token revocation and allows the trustee to bypass intended access restrictions.