|
257351
|
- |
|
cisco
|
ios_xe
|
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to spoof devices via crafted messages, aka Bug ID CSCuq2…
|
CWE-310
Cryptographic Issues
|
CVE-2014-3403
|
2014-10-11 02:55 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257352
|
- |
|
cisco
|
ios_xe
|
The Autonomic Networking Infrastructure (ANI) component in Cisco IOS XE does not properly validate certificates, which allows remote attackers to trigger acceptance of an invalid message via crafted …
|
CWE-310
Cryptographic Issues
|
CVE-2014-3404
|
2014-10-11 02:52 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257353
|
- |
|
splunk
|
splunk
|
Cross-site scripting (XSS) vulnerability in the auto-complete feature in Splunk Enterprise before 6.0.4 allows remote authenticated users to inject arbitrary web script or HTML via a CSV file.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3147
|
2014-10-11 01:22 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257354
|
- |
|
apple
|
mac_os_x
|
The IOHIDSecurePromptClient function in Apple OS X does not properly validate pointer values, which allows remote attackers to execute arbitrary code or cause a denial of service (system crash) via a…
|
CWE-20
Improper Input Validation
|
CVE-2014-7861
|
2014-10-10 14:25 |
2014-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257355
|
- |
|
alex_kellner
|
powermail
|
The powermail extension 2.x before 2.0.11 for TYPO3 allows remote attackers to bypass the CAPTCHA protection mechanism via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-6288
|
2014-10-10 14:24 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257356
|
- |
|
alex_kellner
|
powermail
|
Per http://typo3.org/teams/security/security-bulletins/typo3-extensions/typo3-ext-sa-2014-006/, only version 2.0.0 - 2.0.10 are vulnerable.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-6288
|
2014-10-10 14:24 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257357
|
- |
|
openstack
canonical
|
keystone
ubuntu_linux
|
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for to…
|
CWE-255
Credentials Management
|
CVE-2014-5251
|
2014-10-10 14:23 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257358
|
- |
|
openstack
canonical
|
keystone
ubuntu_linux
|
The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the tok…
|
CWE-255
Credentials Management
|
CVE-2014-5252
|
2014-10-10 14:23 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257359
|
- |
|
openstack
canonical
|
keystone
ubuntu_linux
|
OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access …
|
CWE-255
Credentials Management
|
CVE-2014-5253
|
2014-10-10 14:23 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257360
|
- |
|
drupal
|
drupal
|
modules/openid/xrds.inc in Drupal 6.x before 6.33 and 7.x before 7.31 allows remote attackers to have unspecified impact via a crafted DOCTYPE declaration in an XRDS document.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5267
|
2014-10-10 14:23 |
2014-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
