|
257811
|
- |
|
sap
|
profile_maintenance
|
SAP Profile Maintenance does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7.1.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3131
|
2014-05-10 13:06 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257812
|
- |
|
sap
|
background_processing
|
SAP Background Processing does not properly restrict access, which allows remote authenticated users to obtain sensitive information via an unspecified RFC function, related to SAP Solution Manager 7…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3132
|
2014-05-10 13:06 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257813
|
- |
|
sap
|
netweaver_java_application_server
|
SAP Netweaver Java Application Server does not properly restrict access, which allows remote attackers to obtain the list of SAP systems registered on an SLD via an unspecified webdynpro, related to …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3133
|
2014-05-10 13:06 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257814
|
- |
|
sap
|
businessobjects
|
Cross-site scripting (XSS) vulnerability in the InfoView application in SAP BusinessObjects allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3134
|
2014-05-10 13:06 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257815
|
- |
|
amtelco
|
misecuremessages
|
Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request…
|
CWE-287
Improper Authentication
|
CVE-2014-0357
|
2014-05-10 13:02 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257816
|
- |
|
zabbix
|
zabbix
|
Zabbix 2.0.5 allows remote authenticated users to discover the LDAP bind password by leveraging management-console access and reading the ldap_bind_password value in the HTML source code.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5572
|
2014-05-10 12:58 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257817
|
- |
|
php-fusion
|
php-fusion
|
Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated us…
|
CWE-89
SQL Injection
|
CVE-2013-1803
|
2014-05-10 12:52 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257818
|
- |
|
dest-unreach
|
socat
|
Heap-based buffer overflow in the xioscan_readline function in xio-readline.c in socat 1.4.0.0 through 1.7.2.0 and 2.0.0-b1 through 2.0.0-b4 allows local users to execute arbitrary code via the READL…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-0219
|
2014-05-10 12:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257819
|
- |
|
intra-mart
|
webplatform\/appframework
|
Open redirect vulnerability in WebPlatform / AppFramework 6.0 through 7.2 in NTT DATA INTRAMART intra-mart allows remote attackers to redirect users to arbitrary web sites and conduct phishing attack…
|
CWE-20
Improper Input Validation
|
CVE-2014-1991
|
2014-05-10 03:27 |
2014-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257820
|
- |
|
semantictitle_project
|
semantictitle
|
Cross-site scripting (XSS) vulnerability in the SemanticTitle extension before 1.1.0 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-2854
|
2014-05-10 02:49 |
2014-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
