|
258551
|
- |
|
chainfire
|
supersu
|
The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6775
|
2014-04-1 04:08 |
2014-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258552
|
- |
|
koushik_dutta
|
superuser
|
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su.
|
CWE-20
Improper Input Validation
|
CVE-2013-6769
|
2014-04-1 04:01 |
2014-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258553
|
- |
|
koushik_dutta
|
superuser
|
Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process …
|
CWE-22
Path Traversal
|
CVE-2013-6768
|
2014-04-1 03:59 |
2014-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258554
|
- |
|
redhat
|
conga
enterprise_linux
|
Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLI…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7347
|
2014-04-1 03:23 |
2014-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258555
|
- |
|
alliedtelesis
|
img646bd_firmware
img646bd
at-rg634a_firmware
at-rg634a
img624a_firmware
img624a
img616lh_firmware
img616lh
|
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges …
|
CWE-78
CWE-287
OS Command
Improper Authentication
|
CVE-2014-1982
|
2014-04-1 02:57 |
2014-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258556
|
- |
|
mozilla
|
firefox
|
The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it ea…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1516
|
2014-04-1 02:33 |
2014-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258557
|
- |
|
symantec
|
liveupdate_administrator
|
The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providin…
|
CWE-255
Credentials Management
|
CVE-2014-1644
|
2014-04-1 01:40 |
2014-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258558
|
- |
|
symantec
|
liveupdate_administrator
|
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspe…
|
CWE-89
SQL Injection
|
CVE-2014-1645
|
2014-04-1 01:27 |
2014-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258559
|
- |
|
cisco
|
ios
|
The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD)…
|
CWE-399
Resource Management Errors
|
CVE-2014-2131
|
2014-04-1 01:07 |
2014-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258560
|
- |
|
cisco
|
ios
ios_xe
|
Cisco IOS 12.2 and 15.0 through 15.3 and IOS XE 3.2 through 3.7 before 3.7.5S and 3.8 through 3.10 before 3.10.1S allow remote attackers to cause a denial of service (device reload) via a malformed I…
|
CWE-20
Improper Input Validation
|
CVE-2014-2108
|
2014-03-28 22:49 |
2014-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
