|
258031
|
- |
|
amazon
|
kindle
|
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informat…
|
CWE-310
Cryptographic Issues
|
CVE-2014-3908
|
2014-09-3 03:04 |
2014-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258032
|
- |
|
freedesktop
|
poppler
|
DCTStream.cc in Poppler before 0.13.3 allows remote attackers to cause a denial of service (crash) via a crafted PDF file.
|
CWE-20
Improper Input Validation
|
CVE-2010-5110
|
2014-09-3 01:54 |
2014-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258033
|
- |
|
iridium
|
open_port
pilot_below_deck_equipment
|
The Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allow remote attackers to read hardcoded credentials via the web interface.
|
NVD-CWE-Other
|
CVE-2014-0326
|
2014-08-29 03:57 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258034
|
- |
|
iridium
|
open_port
pilot_below_deck_equipment
|
<a href="http://cwe.mitre.org/data/definitions/798.html">CWE-798: Use of Hard-coded Credentials</a>
|
NVD-CWE-Other
|
CVE-2014-0326
|
2014-08-29 03:57 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258035
|
- |
|
iridium
|
open_port
pilot_below_deck_equipment
|
The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmwa…
|
NVD-CWE-Other
|
CVE-2014-0327
|
2014-08-29 03:57 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258036
|
- |
|
iridium
|
open_port
pilot_below_deck_equipment
|
<a href="http://cwe.mitre.org/data/definitions/306.html">CWE-306: Missing Authentication for Critical Function</a>
|
NVD-CWE-Other
|
CVE-2014-0327
|
2014-08-29 03:57 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258037
|
- |
|
wordpress
|
wordpress
|
wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.
|
NVD-CWE-noinfo
|
CVE-2014-5203
|
2014-08-29 03:06 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258038
|
- |
|
invensys
|
wonderware_information_server
|
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration i…
|
CWE-20
Improper Input Validation
|
CVE-2014-5398
|
2014-08-29 00:22 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258039
|
- |
|
invensys
|
wonderware_information_server
|
Per: https://ics-cert.us-cert.gov/advisories/ICSA-14-238-02
"WIS may allow access to local resources (files and internal resources) via unsafe parsing of XML external entities. By using specially cr…
|
CWE-20
Improper Input Validation
|
CVE-2014-5398
|
2014-08-29 00:22 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258040
|
- |
|
invensys
|
wonderware_information_server
|
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows local users to obtain sensitive information by reading a credential file.
|
NVD-CWE-Other
|
CVE-2014-2381
|
2014-08-29 00:07 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
