|
258031
|
- |
|
vtiger
|
vtiger_crm
|
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPa…
|
CWE-20
Improper Input Validation
|
CVE-2014-2269
|
2014-04-23 01:31 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258032
|
- |
|
eduserv
|
openathens_service_provider
|
Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."
|
CWE-287
Improper Authentication
|
CVE-2012-5353
|
2014-04-23 01:29 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258033
|
- |
|
fitnesse
|
fitnesse_wiki
|
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
|
NVD-CWE-Other
|
CVE-2014-1216
|
2014-04-23 01:24 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258034
|
- |
|
fitnesse
|
fitnesse_wiki
|
Per: https://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2014-1216
|
2014-04-23 01:24 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258035
|
- |
|
pimcore
|
pimcore
|
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which all…
|
CWE-20
Improper Input Validation
|
CVE-2014-2922
|
2014-04-23 00:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258036
|
- |
|
pimcore
|
pimcore
|
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, w…
|
CWE-94
Code Injection
|
CVE-2014-2921
|
2014-04-23 00:04 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258037
|
- |
|
cisco
|
cns_network_registrar
|
The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437.
|
CWE-20
Improper Input Validation
|
CVE-2014-2155
|
2014-04-22 04:59 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258038
|
- |
|
siemens
|
sinema_server
|
Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.
|
CWE-20
Improper Input Validation
|
CVE-2014-2733
|
2014-04-22 04:31 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258039
|
- |
|
siemens
|
sinema_server
|
Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.
|
NVD-CWE-noinfo
|
CVE-2014-2731
|
2014-04-22 04:28 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258040
|
- |
|
toshibatec
|
e-studio-232
e-studio-233
e-studio-282
e-studio-283
|
Cross-site request forgery (CSRF) vulnerability in TopAccess (aka the web-based management utility) on TOSHIBA TEC e-Studio 232, 233, 282, and 283 devices allows remote attackers to hijack the authen…
|
CWE-352
Origin Validation Error
|
CVE-2014-1990
|
2014-04-22 04:23 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
