|
258531
|
- |
|
gnu
|
gnutls
|
GnuTLS before 2.7.6, when the GNUTLS_VERIFY_ALLOW_X509_V1_CA_CRT flag is not enabled, treats version 1 X.509 certificates as intermediate CAs, which allows remote attackers to bypass intended restric…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2009-5138
|
2014-04-1 14:44 |
2014-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258532
|
- |
|
chainfire
|
supersu
|
The Chainfire SuperSU package before 1.69 for Android allows attackers to gain privileges via the (1) backtick or (2) $() type of shell metacharacters in the -c option to /system/xbin/su.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6775
|
2014-04-1 04:08 |
2014-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258533
|
- |
|
koushik_dutta
|
superuser
|
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android allows attackers to gain privileges via shell metacharacters in the -c option to /system/xbin/su.
|
CWE-20
Improper Input Validation
|
CVE-2013-6769
|
2014-04-1 04:01 |
2014-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258534
|
- |
|
koushik_dutta
|
superuser
|
Untrusted search path vulnerability in the CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.2.x and earlier allows attackers to trigger the launch of a Trojan horse app_process …
|
CWE-22
Path Traversal
|
CVE-2013-6768
|
2014-04-1 03:59 |
2014-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258535
|
- |
|
redhat
|
conga
enterprise_linux
|
Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLI…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7347
|
2014-04-1 03:23 |
2014-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258536
|
- |
|
alliedtelesis
|
img646bd_firmware
img646bd
at-rg634a_firmware
at-rg634a
img624a_firmware
img624a
img616lh_firmware
img616lh
|
The administrative interface in Allied Telesis AT-RG634A ADSL Broadband router 3.3+, iMG624A firmware 3.5, iMG616LH firmware 2.4, and iMG646BD firmware 3.5 allows remote attackers to gain privileges …
|
CWE-78
CWE-287
OS Command
Improper Authentication
|
CVE-2014-1982
|
2014-04-1 02:57 |
2014-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258537
|
- |
|
mozilla
|
firefox
|
The saltProfileName function in base/GeckoProfileDirectories.java in Mozilla Firefox through 28.0.1 on Android relies on Android's weak approach to seeding the Math.random function, which makes it ea…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1516
|
2014-04-1 02:33 |
2014-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258538
|
- |
|
symantec
|
liveupdate_administrator
|
The forgotten-password feature in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to reset arbitrary passwords by providin…
|
CWE-255
Credentials Management
|
CVE-2014-1644
|
2014-04-1 01:40 |
2014-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258539
|
- |
|
symantec
|
liveupdate_administrator
|
SQL injection vulnerability in forcepasswd.do in the management GUI in Symantec LiveUpdate Administrator (LUA) 2.x before 2.3.2.110 allows remote attackers to execute arbitrary SQL commands via unspe…
|
CWE-89
SQL Injection
|
CVE-2014-1645
|
2014-04-1 01:27 |
2014-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258540
|
- |
|
cisco
|
ios
|
The packet driver in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a series of (1) Virtual Switching Systems (VSS) or (2) Bidirectional Forwarding Detection (BFD)…
|
CWE-399
Resource Management Errors
|
CVE-2014-2131
|
2014-04-1 01:07 |
2014-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
