|
257851
|
- |
|
amtelco
|
misecuremessages
|
Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2347
|
2014-05-6 22:16 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257852
|
- |
|
david_leonard
|
pkstat
|
tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log.
|
CWE-59
Link Following
|
CVE-2013-0350
|
2014-05-6 02:27 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257853
|
- |
|
randall_hand
fedoraproject
|
yerase\'s_tnef_stream_reader
fedora
|
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer …
|
CWE-189
Numeric Errors
|
CVE-2010-5109
|
2014-05-6 02:19 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257854
|
- |
|
conceptronic
|
c54apm_firmware
c54apm
|
CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP respon…
|
CWE-20
Improper Input Validation
|
CVE-2014-1406
|
2014-05-6 00:29 |
2014-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257855
|
- |
|
conceptronic
|
c54apm_firmware
c54apm
|
The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as …
|
CWE-255
Credentials Management
|
CVE-2014-1408
|
2014-05-6 00:28 |
2014-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257856
|
- |
|
technicolor
|
tc7200_firmware
tc7200
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that …
|
CWE-352
Origin Validation Error
|
CVE-2014-0621
|
2014-05-6 00:23 |
2014-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257857
|
- |
|
freebsd
|
freebsd
|
The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jail…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3001
|
2014-05-5 23:54 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257858
|
- |
|
dynamixsolutions
|
arabic_prawn
|
lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.
|
NVD-CWE-Other
|
CVE-2014-2322
|
2014-05-5 22:47 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257859
|
- |
|
dynamixsolutions
|
arabic_prawn
|
Per: https://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2014-2322
|
2014-05-5 22:47 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257860
|
- |
|
unitrends
|
enterprise_backup
|
recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string.
|
CWE-287
Improper Authentication
|
CVE-2014-3139
|
2014-05-5 21:57 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
