|
257231
|
- |
|
cybozu
|
garoon
|
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1993
|
2014-08-5 03:38 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257232
|
- |
|
cybozu
|
garoon
|
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1996
|
2014-08-5 01:54 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257233
|
- |
|
fuelphp
|
fuelphp
|
The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.
|
CWE-94
Code Injection
|
CVE-2014-1999
|
2014-08-5 01:27 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257234
|
- |
|
php_kobo
|
multifunctional_mailform_free
|
Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional MailForm Free 2014/1/28 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3894
|
2014-08-5 01:06 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257235
|
- |
|
webidsupport
|
webid
|
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) T…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5101
|
2014-08-5 00:29 |
2014-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257236
|
- |
|
innominate
|
mguard_firmware
|
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.
|
CWE-200
Information Exposure
|
CVE-2014-2356
|
2014-08-5 00:19 |
2014-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257237
|
- |
|
yealink
|
sip-t38g
|
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running …
|
CWE-78
OS Command
|
CVE-2013-5758
|
2014-08-4 23:13 |
2014-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257238
|
- |
|
yealink
|
sip-t38g
|
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parame…
|
CWE-22
Path Traversal
|
CVE-2013-5757
|
2014-08-4 23:10 |
2014-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257239
|
- |
|
yealink
|
sip-t38g
|
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
|
CWE-22
Path Traversal
|
CVE-2013-5756
|
2014-08-4 23:08 |
2014-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257240
|
- |
|
vitamin_plugin_project
|
vitamin
|
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_head…
|
CWE-22
Path Traversal
|
CVE-2012-6651
|
2014-08-1 23:07 |
2014-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
