258331
|
- |
|
carbonblack
|
carbon_black
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Carbon Black before 4.1.0 allow remote attackers to hijack the authentication of administrators for requests that add new administrative …
|
CWE-352
Origin Validation Error
|
CVE-2014-1615
|
2014-04-23 21:36 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258332
|
- |
|
freedesktop
|
poppler
|
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on tem…
|
CWE-59
Link Following
|
CVE-2013-4472
|
2014-04-23 21:20 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258333
|
- |
|
vtiger
|
vtiger_crm
|
modules/Users/ForgotPassword.php in vTiger 6.0 before Security Patch 2 allows remote attackers to reset the password for arbitrary users via a request containing the username, password, and confirmPa…
|
CWE-20
Improper Input Validation
|
CVE-2014-2269
|
2014-04-23 01:31 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258334
|
- |
|
eduserv
|
openathens_service_provider
|
Eduserv OpenAthens SP 2.0 for Java allows remote attackers to forge messages and bypass authentication via a SAML assertion that lacks a Signature element, aka a "Signature exclusion attack."
|
CWE-287
Improper Authentication
|
CVE-2012-5353
|
2014-04-23 01:29 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258335
|
- |
|
fitnesse
|
fitnesse_wiki
|
FitNesse Wiki 20131110, 20140201, and earlier allows remote attackers to execute arbitrary commands by defining a COMMAND_PATTERN and TEST_RUNNER in the pageContent parameter when editing a page.
|
NVD-CWE-Other
|
CVE-2014-1216
|
2014-04-23 01:24 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258336
|
- |
|
fitnesse
|
fitnesse_wiki
|
Per: https://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2014-1216
|
2014-04-23 01:24 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258337
|
- |
|
pimcore
|
pimcore
|
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which all…
|
CWE-20
Improper Input Validation
|
CVE-2014-2922
|
2014-04-23 00:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258338
|
- |
|
pimcore
|
pimcore
|
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, w…
|
CWE-94
Code Injection
|
CVE-2014-2921
|
2014-04-23 00:04 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258339
|
- |
|
cisco
|
cns_network_registrar
|
The DHCPv6 server module in Cisco CNS Network Registrar 7.1 allows remote attackers to cause a denial of service (daemon reload) via a malformed DHCPv6 packet, aka Bug ID CSCuo07437.
|
CWE-20
Improper Input Validation
|
CVE-2014-2155
|
2014-04-22 04:59 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258340
|
- |
|
siemens
|
sinema_server
|
Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.
|
CWE-20
Improper Input Validation
|
CVE-2014-2733
|
2014-04-22 04:31 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|