|
256831
|
- |
|
free_ebooks_project
|
free_ebooks
|
The Free eBooks (aka com.bmfapps.freekindlebooks) application 14 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain …
|
CWE-310
Cryptographic Issues
|
CVE-2014-5588
|
2014-11-14 07:29 |
2014-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256832
|
- |
|
open_atrium_project
|
open_atrium
|
The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revi…
|
CWE-200
Information Exposure
|
CVE-2014-8736
|
2014-11-13 23:24 |
2014-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256833
|
- |
|
closeprotectionworld
|
cpworld_close_protection_world
|
The CPWORLD Close Protection World (aka com.tapatalk.closeprotectionworldcom) application 3.4.4 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attacke…
|
CWE-310
Cryptographic Issues
|
CVE-2014-4885
|
2014-11-11 02:24 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256834
|
- |
|
conrad_hotel_project
|
conrad_hotel
|
The Conrad Hotel (aka com.wConradHotel) application 0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive…
|
CWE-310
Cryptographic Issues
|
CVE-2014-4884
|
2014-11-11 02:18 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256835
|
- |
|
trendmicro
|
interscan_web_security_virtual_appliance
|
The AdminUI in Trend Micro InterScan Web Security Virtual Appliance (IWSVA) before 6.0 HF build 1244 allows remote authenticated users to read arbitrary files via vectors related to configuration inp…
|
CWE-20
Improper Input Validation
|
CVE-2014-8510
|
2014-11-10 22:42 |
2014-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256836
|
- |
|
arubanetworks
|
clearpass
|
Cross-site request forgery (CSRF) vulnerability in the Insight module in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to hijack the authentication of a logged …
|
CWE-79
Cross-site Scripting
|
CVE-2014-6623
|
2014-11-10 22:39 |
2014-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256837
|
- |
|
arubanetworks
|
clearpass
|
Cross-site scripting (XSS) vulnerability in Aruba Networks ClearPass before 6.3.6 and 6.4.x before 6.4.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-6620
|
2014-11-10 22:38 |
2014-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256838
|
- |
|
eucalyptus
|
eucalyptus
|
Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files.
|
CWE-200
Information Exposure
|
CVE-2014-5038
|
2014-11-10 22:37 |
2014-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256839
|
- |
|
eucalyptus
|
eucalyptus
|
Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log.
|
CWE-200
Information Exposure
|
CVE-2014-5037
|
2014-11-10 22:32 |
2014-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256840
|
- |
|
brokenscreencrank_project
|
brokenscreencrank
|
The brokenscreencrank (aka com.biggame.brokenscreencrank) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers an…
|
CWE-310
Cryptographic Issues
|
CVE-2014-5587
|
2014-11-10 06:10 |
2014-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
