|
257841
|
- |
|
apache
|
solr
|
The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity r…
|
NVD-CWE-noinfo
|
CVE-2013-6407
|
2014-07-17 14:01 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257842
|
- |
|
apache
|
solr
|
Per: http://secunia.com/advisories/55542
"A vulnerability has been reported in Apache Solr, which can be exploited by malicious people to disclose certain sensitive information or cause a DoS (Denia…
|
NVD-CWE-noinfo
|
CVE-2013-6407
|
2014-07-17 14:01 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257843
|
- |
|
hanon
|
faceid_f810_firmware
faceid
faceid_f710_firmware
faceid_fk800_firmware
faceid_fa007_firmware
|
Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.
|
CWE-287
Improper Authentication
|
CVE-2014-2938
|
2014-07-17 03:54 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257844
|
- |
|
zte
|
zxv10_w300_firmware
zxv10_w300
|
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA passwo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4154
|
2014-07-17 02:49 |
2014-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257845
|
- |
|
zte
|
zxv10_w300_firmware
zxv10_w300
|
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-4018
|
2014-07-17 02:44 |
2014-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257846
|
- |
|
reportico
|
php_report_designer
|
Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter.
|
CWE-22
Path Traversal
|
CVE-2014-3777
|
2014-07-17 02:28 |
2014-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257847
|
- |
|
binarymoon
|
timthumb
wordthumb
|
TimThumb 2.8.13 and WordThumb 1.07, when Webshot (aka Webshots) is enabled, allows remote attackers to execute arbitrary commands via shell metacharacters in the src parameter.
|
CWE-94
Code Injection
|
CVE-2014-4663
|
2014-07-16 04:25 |
2014-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257848
|
- |
|
arubanetworks
|
clearpass
|
The Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated users to obtain database credential…
|
CWE-200
Information Exposure
|
CVE-2014-4031
|
2014-07-16 04:17 |
2014-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257849
|
- |
|
bestpractical
email\
|
rt
\
|
Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service (CPU consumption) via a string withou…
|
CWE-189
Numeric Errors
|
CVE-2014-1474
|
2014-07-16 01:37 |
2014-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257850
|
- |
|
raritan
|
px
dpxr20a-16
|
Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
|
CWE-287
Improper Authentication
|
CVE-2014-2955
|
2014-07-16 01:24 |
2014-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
