257881
|
- |
|
webtitan
|
webtitan
|
Directory traversal vulnerability in logs-x.php in WebTitan before 4.04 allows remote attackers to read arbitrary files via a .. (dot dot) in the logfile parameter in a download action.
|
CWE-22
Path Traversal
|
CVE-2014-4306
|
2014-06-19 23:17 |
2014-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257882
|
- |
|
nice
|
recording_express
|
Multiple SQL injection vulnerabilities in NICE Recording eXpress (aka Cybertech eXpress) 6.5.7 and earlier allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2014-4305
|
2014-06-19 23:13 |
2014-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257883
|
- |
|
ham3d
|
ham3d_shop_engine
|
Cross-site scripting (XSS) vulnerability in rating/rating.php in HAM3D Shop Engine allows remote attackers to inject arbitrary web script or HTML via the ID parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-4302
|
2014-06-19 03:53 |
2014-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257884
|
- |
|
ulli_horlacher
|
fex
|
Incomplete blacklist vulnerability in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allows remote attackers to conduct cross-site scripting (XSS) attacks via the addto parameter to fu…
|
NVD-CWE-Other
|
CVE-2014-3877
|
2014-06-19 03:27 |
2014-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257885
|
- |
|
ulli_horlacher
|
fex
|
Per: http://cwe.mitre.org/data/definitions/184.html
"CWE-184: Incomplete Blacklist"
|
NVD-CWE-Other
|
CVE-2014-3877
|
2014-06-19 03:27 |
2014-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257886
|
- |
|
ulli_horlacher
|
fex
|
Multiple cross-site scripting (XSS) vulnerabilities in Frams' Fast File EXchange (F*EX, aka fex) before fex-20140530 allow remote attackers to inject arbitrary web script or HTML via the (1) akey par…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3876
|
2014-06-19 03:24 |
2014-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257887
|
- |
|
huawei
|
campus_series_switch_software campus_lsw_s9700 campus_s3300hi campus_s3700hi campus_s5300 campus_s5700 campus_s6300 campus_s6700 campus_s7700 campus_s9300 campus_s9300e<…
|
Multiple heap-based buffer overflows in Huawei Campus Series Switches S3700HI, S5700, S6700, S3300HI, S5300, S6300, S9300, S7700, and LSW S9700 with software V200R001 before V200R001SPH013; S5700, S6…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-4190
|
2014-06-19 02:06 |
2014-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257888
|
- |
|
videos_tube_project
|
videos_tube
|
Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php.
|
CWE-89
SQL Injection
|
CVE-2014-3962
|
2014-06-18 13:33 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257889
|
- |
|
sap
|
project_system
|
The (1) Structures and (2) Project-Oriented Procurement components in SAP Project System has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-4004
|
2014-06-18 13:33 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257890
|
- |
|
sap
|
brazil
|
SAP Brazil add-on has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-4005
|
2014-06-18 13:33 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|