|
258241
|
- |
|
raritan
|
px
dpxr20a-16
|
Raritan PX before 1.5.11 on DPXR20A-16 devices allows remote attackers to bypass authentication and execute arbitrary IPMI commands by using cipher suite 0 (aka cipher zero) and an arbitrary password.
|
CWE-287
Improper Authentication
|
CVE-2014-2955
|
2014-07-16 01:24 |
2014-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258242
|
- |
|
datumsystems
|
snip
|
Datum Systems SnIP on PSM-500 and PSM-4500 devices has a hardcoded password of admin for the admin account, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2014-2951
|
2014-07-16 00:44 |
2014-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258243
|
- |
|
datumsystems
|
snip
|
<a href="http://cwe.mitre.org/data/definitions/798.html" target="_blank">CWE-798: Use of Hard-coded Credentials</a>
|
NVD-CWE-Other
|
CVE-2014-2951
|
2014-07-16 00:44 |
2014-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258244
|
- |
|
datumsystems
|
snip
|
Datum Systems SnIP on PSM-500 and PSM-4500 devices does not require authentication for FTP sessions, which allows remote attackers to obtain sensitive information via RETR commands.
|
NVD-CWE-Other
|
CVE-2014-2950
|
2014-07-16 00:41 |
2014-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258245
|
- |
|
datumsystems
|
snip
|
<a href="http://cwe.mitre.org/data/definitions/220.html" target="_blank">CWE-220: Sensitive Data Under FTP Root</a>
|
NVD-CWE-Other
|
CVE-2014-2950
|
2014-07-16 00:41 |
2014-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258246
|
- |
|
kaseya
|
virtual_system_administrator
|
kapfa.sys in Kaseya Virtual System Administrator (VSA) 6.5 before 6.5.0.17 and 7.0 before 7.0.0.16 allows local users to cause a denial of service (NULL pointer dereference and application crash) via…
|
NVD-CWE-Other
|
CVE-2014-2926
|
2014-07-16 00:26 |
2014-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258247
|
- |
|
kaseya
|
virtual_system_administrator
|
<a href="http://cwe.mitre.org/data/definitions/476.html" target="_blank">CWE-476: NULL Pointer Dereference</a>
|
NVD-CWE-Other
|
CVE-2014-2926
|
2014-07-16 00:26 |
2014-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258248
|
- |
|
horde
|
groupware
internet_mail_program
|
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitr…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4946
|
2014-07-15 03:34 |
2014-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258249
|
- |
|
bookx_plugin_project
|
bookx
|
Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
CWE-22
Path Traversal
|
CVE-2014-4937
|
2014-07-15 03:29 |
2014-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258250
|
- |
|
enl_newsletter_plugin_project
|
enl-newsletter
|
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the …
|
CWE-89
SQL Injection
|
CVE-2014-4939
|
2014-07-15 03:27 |
2014-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
