258191
|
- |
|
redhat
|
jboss_web_framework_kit
|
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name.
|
CWE-79
Cross-site Scripting
|
CVE-2014-0149
|
2014-05-7 04:07 |
2014-05-6 |
|
258192
|
- |
|
amtelco
|
misecuremessages
|
Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2347
|
2014-05-6 22:16 |
2014-05-6 |
|
258193
|
- |
|
david_leonard
|
pkstat
|
tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log.
|
CWE-59
Link Following
|
CVE-2013-0350
|
2014-05-6 02:27 |
2014-05-6 |
|
258194
|
- |
|
randall_hand fedoraproject
|
yerase's_tnef_stream_reader fedora
|
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer …
|
CWE-189
Numeric Errors
|
CVE-2010-5109
|
2014-05-6 02:19 |
2014-05-6 |
|
258195
|
- |
|
conceptronic
|
c54apm_firmware c54apm
|
CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP respon…
|
CWE-20
Improper Input Validation
|
CVE-2014-1406
|
2014-05-6 00:29 |
2014-01-11 |
|
258196
|
- |
|
conceptronic
|
c54apm_firmware c54apm
|
The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as …
|
CWE-255
Credentials Management
|
CVE-2014-1408
|
2014-05-6 00:28 |
2014-01-11 |
|
258197
|
- |
|
technicolor
|
tc7200_firmware tc7200
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that …
|
CWE-352
Origin Validation Error
|
CVE-2014-0621
|
2014-05-6 00:23 |
2014-01-9 |
|
258198
|
- |
|
freebsd
|
freebsd
|
The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jail…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3001
|
2014-05-5 23:54 |
2014-05-2 |
|
258199
|
- |
|
dynamixsolutions
|
arabic_prawn
|
lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.
|
NVD-CWE-Other
|
CVE-2014-2322
|
2014-05-5 22:47 |
2014-05-2 |
|
258200
|
- |
|
dynamixsolutions
|
arabic_prawn
|
Per: https://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2014-2322
|
2014-05-5 22:47 |
2014-05-2 |
|