258171
|
- |
|
theforeman
|
foreman
|
Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0187
|
2014-05-9 00:00 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258172
|
- |
|
theforeman
|
foreman
|
Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack.
|
CWE-310
Cryptographic Issues
|
CVE-2013-0173
|
2014-05-8 23:59 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258173
|
- |
|
theforeman
|
foreman
|
The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request.
|
CWE-200
Information Exposure
|
CVE-2013-0174
|
2014-05-8 23:58 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258174
|
- |
|
theforeman
|
foreman
|
Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API.
|
CWE-94
Code Injection
|
CVE-2013-0171
|
2014-05-8 23:52 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258175
|
- |
|
theforeman
|
foreman
|
The smart proxy in Foreman before 1.1 uses a umask set to 0, which allows local users to modify files created by the daemon via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5477
|
2014-05-8 23:50 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258176
|
- |
|
illinois
|
ncsa_mosaic
|
NCSA Mosaic 2.1 through 2.7b5 allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/Mosaic.pid file for every possible PID.
|
NVD-CWE-noinfo
|
CVE-2014-3426
|
2014-05-8 23:08 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258177
|
- |
|
illinois
|
ncsa_mosaic
|
NCSA Mosaic 2.0 and earlier allows local users to cause a denial of service ("remote control" outage) by creating a /tmp/xmosaic.pid file for every possible PID.
|
NVD-CWE-noinfo
|
CVE-2014-3425
|
2014-05-8 23:07 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258178
|
- |
|
cisco
|
webex_advanced_recording_format_player webex_recording_format_player
|
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-2136
|
2014-05-8 22:47 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258179
|
- |
|
cisco
|
webex_advanced_recording_format_player webex_recording_format_player
|
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-2135
|
2014-05-8 22:40 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258180
|
- |
|
cisco
|
webex_advanced_recording_format_player webex_recording_format_player
|
Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a d…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-2134
|
2014-05-8 22:32 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|