|
257331
|
- |
|
roger_padilla_camacho
|
easy_breadcrumb
|
Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-4505
|
2014-07-17 14:07 |
2014-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257332
|
- |
|
yann_collet
|
lz4
|
Yann Collet LZ4 before r119, when used on certain 32-bit platforms that allocate memory beyond 0x80000000, does not properly detect integer overflows, which allows context-dependent attackers to caus…
|
CWE-189
Numeric Errors
|
CVE-2014-4715
|
2014-07-17 14:07 |
2014-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257333
|
- |
|
op5
pnp4nagios
|
monitor
pnp4nagios
|
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4907
|
2014-07-17 14:07 |
2014-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257334
|
- |
|
spamtitan
|
spamtitan
|
Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-2965
|
2014-07-17 14:06 |
2014-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257335
|
- |
|
apache
|
solr
|
The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity r…
|
NVD-CWE-noinfo
|
CVE-2013-6407
|
2014-07-17 14:01 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257336
|
- |
|
apache
|
solr
|
Per: http://secunia.com/advisories/55542
"A vulnerability has been reported in Apache Solr, which can be exploited by malicious people to disclose certain sensitive information or cause a DoS (Denia…
|
NVD-CWE-noinfo
|
CVE-2013-6407
|
2014-07-17 14:01 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257337
|
- |
|
hanon
|
faceid_f810_firmware
faceid
faceid_f710_firmware
faceid_fk800_firmware
faceid_fa007_firmware
|
Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.
|
CWE-287
Improper Authentication
|
CVE-2014-2938
|
2014-07-17 03:54 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257338
|
- |
|
zte
|
zxv10_w300_firmware
zxv10_w300
|
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain the PPPoE/PPPoA passwo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4154
|
2014-07-17 02:49 |
2014-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257339
|
- |
|
zte
|
zxv10_w300_firmware
zxv10_w300
|
The ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-4018
|
2014-07-17 02:44 |
2014-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257340
|
- |
|
reportico
|
php_report_designer
|
Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter.
|
CWE-22
Path Traversal
|
CVE-2014-3777
|
2014-07-17 02:28 |
2014-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
