|
257371
|
- |
|
joomla
|
joomla\!
|
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.
|
CWE-287
Improper Authentication
|
CVE-2014-6632
|
2014-10-10 01:46 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257372
|
- |
|
drupal
|
zen
|
Multiple cross-site scripting (XSS) vulnerabilities in template.php in Zen theme 7.x-3.x before 7.x-3.3 and 7.x-5.x before 7.x-5.5 for Drupal allow remote authenticated users with the "administer the…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7980
|
2014-10-10 00:47 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257373
|
- |
|
testlink
|
testlink
|
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.p…
|
CWE-89
SQL Injection
|
CVE-2014-5308
|
2014-10-9 21:55 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257374
|
- |
|
arubanetworks
|
arubaos
|
Unspecified vulnerability in administrative interfaces in ArubaOS 6.3.1.11, 6.3.1.11-FIPS, 6.4.2.1, and 6.4.2.1-FIPS on Aruba controllers allows remote attackers to bypass authentication, and obtain …
|
NVD-CWE-noinfo
|
CVE-2014-7299
|
2014-10-9 02:38 |
2014-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257375
|
- |
|
gopro
|
gopro_hero_firmware
gopro_hero
|
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action.
|
CWE-78
OS Command
|
CVE-2014-6434
|
2014-10-9 00:02 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257376
|
- |
|
gopro
|
gopro_hero_firmware
gopro_hero
|
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action.
|
CWE-94
Code Injection
|
CVE-2014-6433
|
2014-10-9 00:00 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257377
|
- |
|
cyberoam
|
cyberoam_os
|
SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_us…
|
CWE-89
SQL Injection
|
CVE-2014-5503
|
2014-10-8 23:52 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257378
|
- |
|
cyberoam
|
cyberoam_os
|
Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5501
|
2014-10-8 23:44 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257379
|
- |
|
cyberoam
|
cyberoam_os
|
The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveu…
|
CWE-78
OS Command
|
CVE-2014-5502
|
2014-10-8 23:44 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257380
|
- |
|
debian
|
apt-cacher
|
Cross-site scripting (XSS) vulnerability in job.cc in apt-cacher-ng 0.7.26 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
|
CWE-352
Origin Validation Error
|
CVE-2014-4510
|
2014-10-8 10:37 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
