258361
|
- |
|
conceptronic
|
c54apm_firmware c54apm
|
The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as …
|
CWE-255
Credentials Management
|
CVE-2014-1408
|
2014-05-6 00:28 |
2014-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258362
|
- |
|
technicolor
|
tc7200_firmware tc7200
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that …
|
CWE-352
Origin Validation Error
|
CVE-2014-0621
|
2014-05-6 00:23 |
2014-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258363
|
- |
|
freebsd
|
freebsd
|
The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jail…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3001
|
2014-05-5 23:54 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258364
|
- |
|
dynamixsolutions
|
arabic_prawn
|
lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.
|
NVD-CWE-Other
|
CVE-2014-2322
|
2014-05-5 22:47 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258365
|
- |
|
dynamixsolutions
|
arabic_prawn
|
Per: https://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2014-2322
|
2014-05-5 22:47 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258366
|
- |
|
unitrends
|
enterprise_backup
|
recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string.
|
CWE-287
Improper Authentication
|
CVE-2014-3139
|
2014-05-5 21:57 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258367
|
- |
|
otrs
|
otrs
|
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary we…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2553
|
2014-05-5 14:34 |
2014-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258368
|
- |
|
hp
|
integrated_lights-out_2_firmware
|
The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 v…
|
NVD-CWE-noinfo
|
CVE-2014-2601
|
2014-05-5 14:34 |
2014-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258369
|
- |
|
juniper
|
junos
|
Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, …
|
NVD-CWE-noinfo
|
CVE-2014-2713
|
2014-05-5 14:34 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258370
|
- |
|
igniterealtime
|
openfire
|
nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2741
|
2014-05-5 14:34 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|