|
257381
|
- |
|
xmonad
|
xmonad-contrab
|
The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the…
|
CWE-94
Code Injection
|
CVE-2013-1436
|
2014-10-8 08:33 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257382
|
- |
|
mmonit
|
m\/monit
|
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and…
|
CWE-255
Credentials Management
|
CVE-2014-6607
|
2014-10-8 08:18 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257383
|
- |
|
drupal
|
custom_search_module
|
Cross-site scripting (XSS) vulnerability in the Custom Search module 6.x-1.x before 6.x-1.12 and 7.x-1.x before 7.x-1.14 for Drupal allows remote authenticated users with the "administer custom searc…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7870
|
2014-10-8 08:15 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257384
|
- |
|
brocade
|
vyatta_5400_vrouter_software
vyatta_5400_vrouter
|
The Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows attackers to obtain sensitive encrypted-password information by leveraging membership in the operator group.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4869
|
2014-10-8 08:02 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257385
|
- |
|
brocade
|
vyatta_5400_vrouter_software
vyatta_5400_vrouter
|
/opt/vyatta/bin/sudo-users/vyatta-clear-dhcp-lease.pl on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 does not properly validate parameters, which allows local users to gain privileges…
|
CWE-20
Improper Input Validation
|
CVE-2014-4870
|
2014-10-8 08:02 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257386
|
- |
|
brocade
|
vyatta_5400_vrouter_software
vyatta_5400_vrouter
|
The management console on the Brocade Vyatta 5400 vRouter 6.4R(x), 6.6R(x), and 6.7R1 allows remote authenticated users to execute arbitrary Linux commands via shell metacharacters in a console comma…
|
CWE-78
OS Command
|
CVE-2014-4868
|
2014-10-8 08:00 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257387
|
- |
|
drupal
|
context_form_alteration_module
|
Cross-site scripting (XSS) vulnerability in the configuration UI in the Context Form Alteration module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer context…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7869
|
2014-10-8 02:33 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257388
|
- |
|
embarcadero
|
embarcadero_c\+\+builder_xe6
embarcadero_delphi_xe6
|
Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder X…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0994
|
2014-10-8 01:39 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257389
|
- |
|
jolokia
|
jolokia
|
Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.
|
CWE-352
Origin Validation Error
|
CVE-2014-0168
|
2014-10-8 00:20 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257390
|
- |
|
apache
|
shiro
|
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
|
CWE-287
Improper Authentication
|
CVE-2014-0074
|
2014-10-7 23:16 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
