258471
|
- |
|
cisco
|
web_security_virtual_appliance web_security_appliance
|
CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a …
|
CWE-20
Improper Input Validation
|
CVE-2014-2137
|
2014-04-3 01:28 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258472
|
- |
|
pearson
|
esis_enterprise_student_information_system
|
Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise Student Information System allows remote attackers to inject arbitrary web script or HTML via unspeci…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1942
|
2014-04-3 01:05 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258473
|
- |
|
zyxel
|
p-660h-61 p-660h-63 p-660h-67 p-660h-d1 p-660h-d3 p-660h-t1 p-660h-t3 p-660hw p-660hw_d1 p-660hw_d3 p-660hw_t3
|
The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets.
|
CWE-20
Improper Input Validation
|
CVE-2013-3588
|
2014-04-3 00:29 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258474
|
- |
|
posh_project
|
posh
|
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, w…
|
CWE-255
Credentials Management
|
CVE-2014-2212
|
2014-04-3 00:03 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258475
|
- |
|
horde
|
horde_application_framework
|
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted se…
|
CWE-94
Code Injection
|
CVE-2014-1691
|
2014-04-2 23:50 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258476
|
- |
|
checkpoint
|
security_gateway
|
Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and 600 and 1100 appliances R75.20.x before R75.20.42 have unknown…
|
NVD-CWE-noinfo
|
CVE-2013-7350
|
2014-04-2 00:19 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258477
|
- |
|
redhat
|
jboss_operations_network
|
Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files w…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0032
|
2014-04-1 23:40 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258478
|
- |
|
redhat
|
jboss_operations_network
|
Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4573
|
2014-04-1 23:38 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258479
|
- |
|
emc
|
vplex_geosynchrony
|
Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2014-0635
|
2014-04-1 23:16 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258480
|
- |
|
emc
|
vplex_geosynchrony
|
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sen…
|
CWE-20
Improper Input Validation
|
CVE-2014-0634
|
2014-04-1 23:14 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|