258101
|
- |
|
intersectalliance
|
system_intrusion_analysis_and_reporting_environment
|
Cross-site scripting (XSS) vulnerability in the events page in the System iNtrusion Analysis and Reporting Environment (SNARE) for Linux agent before 1.7.0 allows remote attackers to inject arbitrary…
|
CWE-79
Cross-site Scripting
|
CVE-2011-5249
|
2014-05-15 21:21 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258102
|
- |
|
broadcom
|
pipa_c211_web_interface pipa_c211
|
cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information vi…
|
CWE-310
Cryptographic Issues
|
CVE-2014-2046
|
2014-05-15 03:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258103
|
- |
|
foscam
|
ip_camera_firmware
|
Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijac…
|
CWE-255
Credentials Management
|
CVE-2014-1849
|
2014-05-15 03:43 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258104
|
- |
|
oracle
|
openjdk
|
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462.
|
NVD-CWE-noinfo
|
CVE-2014-2405
|
2014-05-15 03:34 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258105
|
- |
|
nathan_haug
|
filefield_sources
|
The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4502
|
2014-05-15 03:34 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258106
|
- |
|
oracle
|
openjdk
|
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405.
|
NVD-CWE-noinfo
|
CVE-2014-0462
|
2014-05-15 03:30 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258107
|
- |
|
openvpn
|
openvpn_access_server
|
Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests th…
|
CWE-352
Origin Validation Error
|
CVE-2013-2692
|
2014-05-15 03:04 |
2014-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258108
|
- |
|
drupalauth_project
|
drupalauth
|
lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name (uid) in a cookie.
|
CWE-287
Improper Authentication
|
CVE-2013-4552
|
2014-05-15 03:00 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258109
|
- |
|
canonical
|
software-properties ubuntu_linux
|
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys fo…
|
CWE-20
Improper Input Validation
|
CVE-2011-4407
|
2014-05-15 02:57 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258110
|
- |
|
gitlab
|
gitlab
|
Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3456
|
2014-05-15 02:49 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|