|
258141
|
- |
|
conceptronic
|
c54apm_firmware
c54apm
|
CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP respon…
|
CWE-20
Improper Input Validation
|
CVE-2014-1406
|
2014-05-6 00:29 |
2014-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258142
|
- |
|
conceptronic
|
c54apm_firmware
c54apm
|
The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as …
|
CWE-255
Credentials Management
|
CVE-2014-1408
|
2014-05-6 00:28 |
2014-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258143
|
- |
|
technicolor
|
tc7200_firmware
tc7200
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that …
|
CWE-352
Origin Validation Error
|
CVE-2014-0621
|
2014-05-6 00:23 |
2014-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258144
|
- |
|
freebsd
|
freebsd
|
The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jail…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3001
|
2014-05-5 23:54 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258145
|
- |
|
dynamixsolutions
|
arabic_prawn
|
lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.
|
NVD-CWE-Other
|
CVE-2014-2322
|
2014-05-5 22:47 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258146
|
- |
|
dynamixsolutions
|
arabic_prawn
|
Per: https://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2014-2322
|
2014-05-5 22:47 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258147
|
- |
|
unitrends
|
enterprise_backup
|
recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string.
|
CWE-287
Improper Authentication
|
CVE-2014-3139
|
2014-05-5 21:57 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258148
|
- |
|
otrs
|
otrs
|
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary we…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2553
|
2014-05-5 14:34 |
2014-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258149
|
- |
|
hp
|
integrated_lights-out_2_firmware
|
The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 v…
|
NVD-CWE-noinfo
|
CVE-2014-2601
|
2014-05-5 14:34 |
2014-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258150
|
- |
|
juniper
|
junos
|
Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, …
|
NVD-CWE-noinfo
|
CVE-2014-2713
|
2014-05-5 14:34 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
