258441
|
- |
|
citrix
|
vdi-in-a-box
|
Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2690
|
2014-04-16 22:07 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258442
|
- |
|
xangati
|
xangati_software_release xangati_xnr
|
Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer.
|
CWE-78
OS Command
|
CVE-2014-0359
|
2014-04-16 04:11 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258443
|
- |
|
xangati
|
xangati_software_release xangati_xnr
|
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatu…
|
CWE-22
Path Traversal
|
CVE-2014-0358
|
2014-04-16 04:07 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258444
|
- |
|
zyxel
|
n300_netusb_nbg-419n_firmware n300_netusb_nbg-419n
|
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login ac…
|
CWE-255
Credentials Management
|
CVE-2014-0354
|
2014-04-16 02:56 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258445
|
- |
|
zyxel
|
n300_netusb_nbg-419n_firmware n300_netusb_nbg-419n
|
Multiple stack-based buffer overflows on the ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allow man-in-the-middle attackers to execute arbitrary code via (1) a long temp att…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0355
|
2014-04-16 02:56 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258446
|
- |
|
zyxel
|
n300_netusb_nbg-419n_firmware n300_netusb_nbg-419n
|
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_langua…
|
CWE-78
OS Command
|
CVE-2014-0356
|
2014-04-16 02:56 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258447
|
- |
|
zyxel
|
n300_netusb_nbg-419n_firmware n300_netusb_nbg-419n
|
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to bypass authentication by using %2F sequences in place of / (slash) characters.
|
CWE-287
Improper Authentication
|
CVE-2014-0353
|
2014-04-16 02:55 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258448
|
- |
|
ontariosystems
|
artiva_architect artiva_healthcare artiva_rm artiva_workstation
|
The Artiva Agency Single Sign-On (SSO) implementation in Artiva Workstation 1.3.x before 1.3.9, Artiva Rm 3.1 MR7, Artiva Healthcare 5.2 MR5, and Artiva Architect 3.2 MR5, when the domain-name option…
|
CWE-287
Improper Authentication
|
CVE-2014-0348
|
2014-04-16 01:57 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258449
|
- |
|
pivotx
|
pivotx
|
Multiple unrestricted file upload vulnerabilities in fileupload.php in PivotX before 2.3.9 allow remote authenticated users to execute arbitrary PHP code by uploading a file with a (1) .php or (2) .p…
|
NVD-CWE-Other
|
CVE-2014-0342
|
2014-04-16 01:39 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258450
|
- |
|
pivotx
|
pivotx
|
Per: http://cwe.mitre.org/data/definitions/434.html
"CWE-434: Unrestricted Upload of File with Dangerous Type"
|
NVD-CWE-Other
|
CVE-2014-0342
|
2014-04-16 01:39 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|