258181
|
- |
|
zyxel
|
p-660h-61 p-660h-63 p-660h-67 p-660h-d1 p-660h-d3 p-660h-t1 p-660h-t3 p-660hw p-660hw_d1 p-660hw_d3 p-660hw_t3
|
The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets.
|
CWE-20
Improper Input Validation
|
CVE-2013-3588
|
2014-04-3 00:29 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258182
|
- |
|
posh_project
|
posh
|
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, w…
|
CWE-255
Credentials Management
|
CVE-2014-2212
|
2014-04-3 00:03 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258183
|
- |
|
horde
|
horde_application_framework
|
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted se…
|
CWE-94
Code Injection
|
CVE-2014-1691
|
2014-04-2 23:50 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258184
|
- |
|
checkpoint
|
security_gateway
|
Multiple unspecified vulnerabilities in Check Point Security Gateway 80 R71.x before R71.45 (730159141) and R75.20.x before R75.20.4 and 600 and 1100 appliances R75.20.x before R75.20.42 have unknown…
|
NVD-CWE-noinfo
|
CVE-2013-7350
|
2014-04-2 00:19 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258185
|
- |
|
redhat
|
jboss_operations_network
|
Red Hat JBoss Operations Network (JON) before 3.0.1 uses 0777 permissions for the root directory when installing a remote client, which allows local users to read or modify subdirectories and files w…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0032
|
2014-04-1 23:40 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258186
|
- |
|
redhat
|
jboss_operations_network
|
Red Hat JBoss Operations Network (JON) before 2.4.2 does not properly enforce "modify resource" permissions for remote authenticated users when deleting a plug-in configuration update from the group …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-4573
|
2014-04-1 23:38 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258187
|
- |
|
emc
|
vplex_geosynchrony
|
Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2014-0635
|
2014-04-1 23:16 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258188
|
- |
|
emc
|
vplex_geosynchrony
|
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sen…
|
CWE-20
Improper Input Validation
|
CVE-2014-0634
|
2014-04-1 23:14 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258189
|
- |
|
emc
|
vplex_geosynchrony
|
The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an …
|
CWE-20
Improper Input Validation
|
CVE-2014-0633
|
2014-04-1 23:13 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258190
|
- |
|
sonatype
|
nexus
|
Unspecified vulnerability in Sonatype Nexus OSS and Pro 2.4.0 through 2.7.1 allows attackers to create arbitrary user accounts via unknown vectors related to "an unauthenticated execution path."
|
NVD-CWE-noinfo
|
CVE-2014-2034
|
2014-04-1 21:55 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|