|
256851
|
- |
|
sap
|
customer_relationship_management_internet_sales
|
The SAP CRM Internet Sales module allows remote attackers to execute arbitrary commands via unspecified vectors.
|
CWE-94
Code Injection
|
CVE-2014-8661
|
2014-11-7 12:04 |
2014-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256852
|
- |
|
classapps
|
selectsurvey.net
|
Multiple SQL injection vulnerabilities in ClassApps SelectSurvey.NET before 4.125.002 allow (1) remote attackers to execute arbitrary SQL commands via the SurveyID parameter to survey/ReviewReadOnlyS…
|
CWE-89
SQL Injection
|
CVE-2014-6030
|
2014-11-7 04:49 |
2014-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256853
|
- |
|
compal_broadband_networks
|
firmware
cg6640e_wireless_gateway
ch664oe_wireless_gateway
|
The Compal Broadband Networks (CBN) CH6640E and CG6640E Wireless Gateway 1.0 with firmware CH6640-3.5.11.7-NOSH have a default password of (1) admin for the admin account and (2) compalbn for the roo…
|
CWE-255
Credentials Management
|
CVE-2014-8656
|
2014-11-7 04:20 |
2014-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256854
|
- |
|
compfight_project
|
compfight
|
Cross-site scripting (XSS) vulnerability in compfight-search.php in the Compfight plugin 1.4 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the search-valu…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8622
|
2014-11-7 04:09 |
2014-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256855
|
- |
|
torrnad0
|
sprint_jump
|
The Sprint jump (aka air.com.ilaz.appilas) application 1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitiv…
|
CWE-310
Cryptographic Issues
|
CVE-2014-5545
|
2014-11-7 01:34 |
2014-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256856
|
- |
|
websupporter
|
wp_amasin_-_the_amazon_affiliate_shop
|
Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pat…
|
CWE-22
Path Traversal
|
CVE-2014-4577
|
2014-11-6 21:38 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256857
|
- |
|
accuenergy
|
axm-net
acuvim_ii
|
The AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript.
|
CWE-200
Information Exposure
|
CVE-2014-2374
|
2014-11-6 07:45 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256858
|
- |
|
accuenergy
|
axm-net
acuvim_ii
|
The web server on the AXN-NET Ethernet module accessory 3.04 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified U…
|
CWE-287
Improper Authentication
|
CVE-2014-2373
|
2014-11-6 07:44 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256859
|
- |
|
epicor
|
epicor_enterprise
|
Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allows attackers to obtain the (1) Database Connection and (2) E-mail Connection passwords by reading HTML source code of the database connection a…
|
CWE-200
Information Exposure
|
CVE-2014-4311
|
2014-11-5 12:50 |
2014-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256860
|
- |
|
plone
zope
|
plone
zope
|
Zope before 2.13.19, as used in Plone before 4.2.3 and 4.3 before beta 1, does not reseed the pseudo-random number generator (PRNG), which makes it easier for remote attackers to guess the value via …
|
CWE-310
Cryptographic Issues
|
CVE-2012-6661
|
2014-11-5 12:32 |
2014-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
