258461
|
- |
|
fitnesse
|
fitnesse_wiki
|
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
|
NVD-CWE-Other
|
CVE-2014-1216
|
2014-04-23 01:24 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258462
|
- |
|
fitnesse
|
fitnesse_wiki
|
Per: https://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2014-1216
|
2014-04-23 01:24 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258463
|
- |
|
pimcore
|
pimcore
|
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which all…
|
CWE-20
Improper Input Validation
|
CVE-2014-2922
|
2014-04-23 00:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258464
|
- |
|
pimcore
|
pimcore
|
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, w…
|
CWE-94
Code Injection
|
CVE-2014-2921
|
2014-04-23 00:04 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258465
|
- |
|
cisco
|
cns_network_registrar
|
The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437.
|
CWE-20
Improper Input Validation
|
CVE-2014-2155
|
2014-04-22 04:59 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258466
|
- |
|
siemens
|
sinema_server
|
Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.
|
CWE-20
Improper Input Validation
|
CVE-2014-2733
|
2014-04-22 04:31 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258467
|
- |
|
siemens
|
sinema_server
|
Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.
|
NVD-CWE-noinfo
|
CVE-2014-2731
|
2014-04-22 04:28 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258468
|
- |
|
toshibatec
|
e-studio-232 e-studio-233 e-studio-282 e-studio-283
|
Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authen…
|
CWE-352
Origin Validation Error
|
CVE-2014-1990
|
2014-04-22 04:23 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258469
|
- |
|
progea
|
movicon
|
The TCPUploader module in Progea Movicon 11.4 before 11.4.1150 allows remote attackers to obtain potentially sensitive version information via network traffic to TCP port 10651.
|
CWE-200
Information Exposure
|
CVE-2014-0778
|
2014-04-22 03:50 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258470
|
- |
|
remote-rac
|
rac_server
|
PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a denial of service (disabled keyboard or crash) via a large input buffer to unspecified IOCTL requests in RACDriver.sys, which tr…
|
CWE-20
Improper Input Validation
|
CVE-2014-2597
|
2014-04-22 03:15 |
2014-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|