258991
|
- |
|
paperthin
|
commonspot_content_server
|
Incomplete blacklist vulnerability in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to conduct cross-site scripting (XSS) attacks via a crafted string, as demonstrate…
|
NVD-CWE-Other
|
CVE-2014-2861
|
2014-04-16 23:08 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258992
|
- |
|
paperthin
|
commonspot_content_server
|
Per: https://cwe.mitre.org/data/definitions/184.html "CWE-184: Incomplete Blacklist"
|
NVD-CWE-Other
|
CVE-2014-2861
|
2014-04-16 23:08 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258993
|
- |
|
emc
|
documentum_content_server
|
EMC Documentum Content Server before 6.7 SP1 P26, 6.7 SP2 before P13, 7.0 before P13, and 7.1 before P02 allows remote authenticated users to bypass intended access restrictions and read metadata fro…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0642
|
2014-04-16 23:03 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258994
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to bypass intended access restrictions via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2859
|
2014-04-16 22:58 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258995
|
- |
|
paperthin
|
commonspot_content_server
|
Multiple cross-site scripting (XSS) vulnerabilities in PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allow remote attackers to inject arbitrary web script or HTML via a crafted HTTP request …
|
CWE-79
Cross-site Scripting
|
CVE-2014-2860
|
2014-04-16 22:58 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258996
|
- |
|
xen
|
xen
|
The netback driver in Xen, when using certain Linux versions that do not allow sleeping in softirq context, allows local guest administrators to cause a denial of service ("scheduling while atomic" e…
|
CWE-399
Resource Management Errors
|
CVE-2014-2580
|
2014-04-16 22:57 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258997
|
- |
|
citrix
|
vdi-in-a-box
|
Citrix VDI-in-a-Box 5.3.x before 5.3.6 and 5.4.x before 5.4.3 allows local users to obtain administrator credentials by reading the log.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2690
|
2014-04-16 22:07 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258998
|
- |
|
xangati
|
xangati_software_release xangati_xnr
|
Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer.
|
CWE-78
OS Command
|
CVE-2014-0359
|
2014-04-16 04:11 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258999
|
- |
|
xangati
|
xangati_software_release xangati_xnr
|
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatu…
|
CWE-22
Path Traversal
|
CVE-2014-0358
|
2014-04-16 04:07 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259000
|
- |
|
zyxel
|
n300_netusb_nbg-419n_firmware n300_netusb_nbg-419n
|
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 has a hardcoded password of qweasdzxc for an unspecified account, which allows remote attackers to obtain index.asp login ac…
|
CWE-255
Credentials Management
|
CVE-2014-0354
|
2014-04-16 02:56 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|