243951
|
7.5 |
HIGH
|
fuelphp
|
fuelphp
|
The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.
|
CWE-94
Code Injection
|
CVE-2014-1999
|
2014-08-5 01:27 |
2014-07-20 |
|
243952
|
4.3 |
MEDIUM
|
php_kobo
|
multifunctional_mailform_free
|
Cross-site scripting (XSS) vulnerability in PHP Kobo Multifunctional MailForm Free 2014/1/28 and earlier allows remote attackers to inject arbitrary web script or HTML via an HTTP Referer header.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-3894
|
2014-08-5 01:06 |
2014-07-20 |
|
243953
|
4.3 |
MEDIUM
|
webidsupport
|
webid
|
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) T…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-5101
|
2014-08-5 00:29 |
2014-07-26 |
|
243954
|
5.0 |
MEDIUM
|
innominate
|
mguard_firmware
|
Innominate mGuard before 7.6.4 and 8.x before 8.0.3 does not require authentication for snapshot downloads, which allows remote attackers to obtain sensitive information via a crafted HTTPS request.
|
CWE-200
Information Leakage
|
CVE-2014-2356
|
2014-08-5 00:19 |
2014-07-30 |
|
243955
|
9.0 |
HIGH
|
yealink
|
sip-t38g
|
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running …
|
CWE-78
OS Command Injection
|
CVE-2013-5758
|
2014-08-4 23:13 |
2014-08-4 |
|
243956
|
4.0 |
MEDIUM
|
yealink
|
sip-t38g
|
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parame…
|
CWE-22
Path Traversal
|
CVE-2013-5757
|
2014-08-4 23:10 |
2014-08-4 |
|
243957
|
4.0 |
MEDIUM
|
yealink
|
sip-t38g
|
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
|
CWE-22
Path Traversal
|
CVE-2013-5756
|
2014-08-4 23:08 |
2014-08-4 |
|
243958
|
5.0 |
MEDIUM
|
vitamin_plugin_project
|
vitamin
|
Multiple directory traversal vulnerabilities in the Vitamin plugin before 1.1.0 for WordPress allow remote attackers to access arbitrary files via a .. (dot dot) in the path parameter to (1) add_head…
|
CWE-22
Path Traversal
|
CVE-2012-6651
|
2014-08-1 23:07 |
2014-07-31 |
|
243959
|
7.8 |
HIGH
|
juniper
|
junos srx100 srx110 srx1400 srx210 srx220 srx240 srx3400 srx3600 srx550 srx5600 srx5800 srx650
|
Juniper Junos 11.4 before 11.4R12, 12.1X44 before 12.1X44-D32, 12.1X45 before 12.1X45-D25, 12.1X46 before 12.1X46-D20, and 12.1X47 before 12.1X47-D10 on SRX Series devices, when NAT protocol translat…
|
CWE-20
Improper Input Validation
|
CVE-2014-3817
|
2014-08-1 14:09 |
2014-07-12 |
|
243960
|
4.3 |
MEDIUM
|
homepage_decorator_perlmailer_project
|
homepage_decorator_perlmailer
|
Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlMailer 3.10 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-3897
|
2014-07-31 04:03 |
2014-07-30 |
|
243961
|
6.4 |
MEDIUM
|
iodata
|
ts-wlcam/v_camera_firmware ts-wlcam/v_camera ts-wptcam_camera_firmware ts-wptcam_camera ts-wlcam_camera_firmware ts-wlcam_camera ts-ptcam/poe_camera_firmware ts-ptcam/poe_cam…
|
The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and …
|
CWE-287
Improper Authentication
|
CVE-2014-3895
|
2014-07-31 03:48 |
2014-07-30 |
|
243962
|
6.4 |
MEDIUM
|
iodata
|
ts-wlcam/v_camera_firmware ts-wlcam/v_camera ts-wptcam_camera_firmware ts-wptcam_camera ts-wlcam_camera_firmware ts-wlcam_camera ts-ptcam/poe_camera_firmware ts-ptcam/poe_cam…
|
Per: http://jvn.jp/en/jp/JVN94592501/index.html
"Products Affected
TS-WLCAM firmware version 1.06 and earlier
TS-WLCAM/V firmware version 1.06 and earlier
TS-WPTCAM firmware version 1.0…
|
CWE-287
Improper Authentication
|
CVE-2014-3895
|
2014-07-31 03:48 |
2014-07-30 |
|
243963
|
5.0 |
MEDIUM
|
cairographics
|
cairo
|
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.
|
NVD-CWE-Other
|
CVE-2014-5116
|
2014-07-31 02:18 |
2014-07-29 |
|
243964
|
5.0 |
MEDIUM
|
cairographics
|
cairo
|
CWE-476: NULL Pointer Dereference (http://cwe.mitre.org/data/definitions/476.html)
|
NVD-CWE-Other
|
CVE-2014-5116
|
2014-07-31 02:18 |
2014-07-29 |
|
243965
|
7.5 |
HIGH
|
webidsupport
|
webid
|
WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter.
|
NVD-CWE-Other
|
CVE-2014-5114
|
2014-07-31 02:02 |
2014-07-29 |
|
243966
|
7.5 |
HIGH
|
webidsupport
|
webid
|
CWE-90: Improper Neutralization of Special Elements used in an LDAP Query ('LDAP Injection') (http://cwe.mitre.org/data/definitions/90.html)
|
NVD-CWE-Other
|
CVE-2014-5114
|
2014-07-31 02:02 |
2014-07-29 |
|
243967
|
6.8 |
MEDIUM
|
silver-peak
|
vx
|
Cross-site request forgery (CSRF) vulnerability in php/user_account.php in Silver Peak VX through 6.2.4 allows remote attackers to hijack the authentication of administrators for requests that create…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2014-2974
|
2014-07-29 23:28 |
2014-07-29 |
|
243968
|
4.3 |
MEDIUM
|
visualware
|
myconnection_server
|
Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3)…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-5113
|
2014-07-29 23:18 |
2014-07-29 |
|
243969
|
4.3 |
MEDIUM
|
ol-commerce_project
|
ol-commerce
|
Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-5105
|
2014-07-29 22:05 |
2014-07-29 |
|
243970
|
7.5 |
HIGH
|
ol-commerce_project
|
ol-commerce
|
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) a…
|
CWE-89
SQL Injection
|
CVE-2014-5104
|
2014-07-29 22:04 |
2014-07-29 |
|
243971
|
7.5 |
HIGH
|
mailpoet
|
mailpoet_newsletters
|
Unspecified vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.8 for WordPress has unspecified impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2014-4726
|
2014-07-29 04:21 |
2014-07-28 |
|
243972
|
7.5 |
HIGH
|
mailpoet
|
mailpoet_newsletters
|
The MailPoet Newsletters (wysija-newsletters) plugin before 2.6.7 for WordPress allows remote attackers to bypass authentication and execute arbitrary PHP code by uploading a crafted theme using wp-a…
|
CWE-287
Improper Authentication
|
CVE-2014-4725
|
2014-07-29 04:18 |
2014-07-28 |
|
243973
|
4.3 |
MEDIUM
|
gurock
|
testrail
|
Cross-site scripting (XSS) vulnerability in Gurock TestRail before 3.1.3 allows remote attackers to inject arbitrary web script or HTML via the Created By field in a project activity.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-4857
|
2014-07-29 04:05 |
2014-07-27 |
|
243974
|
5.0 |
MEDIUM
|
caucho
|
resin
|
The ISO-8859-1 encoder in Resin Pro before 4.0.40 does not properly perform Unicode transformations, which allows remote attackers to bypass intended text restrictions via crafted characters, as demo…
|
CWE-264 CWE-20
Authorization, Privileges, and Access Control; Improper Input Validation
|
CVE-2014-2966
|
2014-07-29 04:00 |
2014-07-27 |
|
243975
|
10.0 |
HIGH
|
morpho
|
itemiser_3
|
Morpho Itemiser 3 8.17 has hardcoded administrative credentials, which makes it easier for remote attackers to obtain access via a login request.
|
NVD-CWE-Other
|
CVE-2014-2363
|
2014-07-29 02:45 |
2014-07-26 |
|
243976
|
10.0 |
HIGH
|
morpho
|
itemiser_3
|
CWE-798: Use of Hard-coded Credentials (http://cwe.mitre.org/data/definitions/798.html)
|
NVD-CWE-Other
|
CVE-2014-2363
|
2014-07-29 02:45 |
2014-07-26 |
|
243977
|
6.8 |
MEDIUM
|
siemens
|
simatic_pcs7 wincc
|
The Project administration application in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, has a hardcoded encryption key, which allows remote attackers to obtain sensitive infor…
|
NVD-CWE-Other
|
CVE-2014-4686
|
2014-07-25 23:59 |
2014-07-24 |
|
243978
|
6.8 |
MEDIUM
|
siemens
|
simatic_pcs7 wincc
|
CWE-798: Use of Hard-coded Credentials (http://cwe.mitre.org/data/definitions/798.html)
|
NVD-CWE-Other
|
CVE-2014-4686
|
2014-07-25 23:59 |
2014-07-24 |
|
243979
|
4.6 |
MEDIUM
|
siemens
|
simatic_pcs7 wincc
|
Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows local users to gain privileges by leveraging weak system-object access control.
|
CWE-264
Authorization, Privileges, and Access Control
|
CVE-2014-4685
|
2014-07-25 23:49 |
2014-07-24 |
|
243980
|
6.0 |
MEDIUM
|
siemens
|
simatic_pcs7 wincc
|
The database server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a request to TCP port 1433.
|
CWE-264
Authorization, Privileges, and Access Control
|
CVE-2014-4684
|
2014-07-25 23:42 |
2014-07-24 |
|
243981
|
4.9 |
MEDIUM
|
siemens
|
simatic_pcs7 wincc
|
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote authenticated users to gain privileges via a (1) HTTP or (2) HTTPS request.
|
CWE-264
Authorization, Privileges, and Access Control
|
CVE-2014-4683
|
2014-07-25 23:37 |
2014-07-24 |
|
243982
|
5.0 |
MEDIUM
|
siemens
|
simatic_pcs7 wincc
|
The WebNavigator server in Siemens SIMATIC WinCC before 7.3, as used in PCS7 and other products, allows remote attackers to obtain sensitive information via an HTTP request.
|
CWE-200
Information Leakage
|
CVE-2014-4682
|
2014-07-25 23:27 |
2014-07-24 |
|
243983
|
3.5 |
LOW
|
micropact
|
icomplaints
|
Cross-site scripting (XSS) vulnerability in AddStdLetter.jsp in MicroPact iComplaints before 8.0.2.1.8.8014 allows remote authenticated users to inject arbitrary web script or HTML via the descriptio…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-2971
|
2014-07-25 23:00 |
2014-07-24 |
|
243984
|
7.6 |
HIGH
|
honeywell
|
falcon_xlweb_linux_controller falcon_xlweb_xlwebexe
|
Honeywell FALCON XLWeb Linux controller devices 2.04.01 and earlier and FALCON XLWeb XLWebExe controller devices 2.02.11 and earlier allow remote attackers to bypass authentication and obtain adminis…
|
NVD-CWE-Other
|
CVE-2014-2717
|
2014-07-25 22:52 |
2014-07-24 |
|
243985
|
7.6 |
HIGH
|
honeywell
|
falcon_xlweb_linux_controller falcon_xlweb_xlwebexe
|
CWE-552: Files or Directories Accessible to External Parties (http://cwe.mitre.org/data/definitions/552.html)
|
NVD-CWE-Other
|
CVE-2014-2717
|
2014-07-25 22:52 |
2014-07-24 |
|
243986
|
4.3 |
MEDIUM
|
huawei
|
e355_web_ui e355_firmware e355
|
Cross-site scripting (XSS) vulnerability in the web interface on the Huawei E355 CH1E355SM modem with software 21.157.37.01.910 and Web UI 11.001.08.00.03 allows remote attackers to inject arbitrary …
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-2968
|
2014-07-25 03:49 |
2014-07-24 |
|
243987
|
4.3 |
MEDIUM
|
huawei
|
e355_web_ui e355_firmware e355
|
Per: http://www.kb.cert.org/vuls/id/688812
"The following device configuration was reported to be vulnerable. Other versions may be affected:
Hardware version: CH1E355SM
Software version: 21.157.37…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-2968
|
2014-07-25 03:49 |
2014-07-24 |
|
243988
|
6.0 |
MEDIUM
|
omron
|
ns_series_system_program_firmware ns10_hmi_terminal ns12_hmi_terminal ns15_hmi_terminal ns5_hmi_terminal ns8_hmi_terminal
|
Cross-site request forgery (CSRF) vulnerability in the web application on Omron NS5, NS8, NS10, NS12, and NS15 HMI terminals 8.1xx through 8.68x allows remote authenticated users to hijack the authen…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2014-2369
|
2014-07-25 03:29 |
2014-07-24 |
|
243989
|
10.0 |
HIGH
|
attachmate
|
verastream_process_designer
|
Unrestricted file upload vulnerability in Attachmate Verastream Process Designer (VPD) before R6 SP1 Hotfix 1 allows remote attackers to execute arbitrary code by uploading and launching an executabl…
|
NVD-CWE-Other
|
CVE-2014-0607
|
2014-07-25 02:33 |
2014-07-24 |
|
243990
|
10.0 |
HIGH
|
attachmate
|
verastream_process_designer
|
CWE-434: Unrestricted Upload of File with Dangerous Type (http://cwe.mitre.org/data/definitions/434.html)
|
NVD-CWE-Other
|
CVE-2014-0607
|
2014-07-25 02:33 |
2014-07-24 |
|
243991
|
7.5 |
HIGH
|
yiiframework
|
yiiframework
|
The CDetailView widget in Yii PHP Framework 1.1.14 allows remote attackers to execute arbitrary PHP scripts via vectors related to the value property.
|
CWE-94
Code Injection
|
CVE-2014-4672
|
2014-07-24 14:01 |
2014-07-4 |
|
243992
|
7.5 |
HIGH
|
yiiframework
|
yiiframework
|
per http://www.yiiframework.com/news/78/yii-1-1-15-is-released-security-fix/:
"Note that the issue only affects 1.1.14. All previous releases are not affected"
|
CWE-94
Code Injection
|
CVE-2014-4672
|
2014-07-24 14:01 |
2014-07-4 |
|
243993
|
4.3 |
MEDIUM
|
symantec
|
data_insight
|
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified fo…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-3432
|
2014-07-24 14:00 |
2014-06-27 |
|
243994
|
4.3 |
MEDIUM
|
symantec
|
data_insight
|
Cross-site scripting (XSS) vulnerability in the management console in Symantec Data Insight 3.x and 4.x before 4.5 allows remote attackers to inject arbitrary web script or HTML via an unspecified fo…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-3433
|
2014-07-24 14:00 |
2014-06-27 |
|
243995
|
7.8 |
HIGH
|
juniper
|
junos srx100 srx110 srx1400 srx210 srx220 srx240 srx3400 srx3600 srx550 srx5600 srx5800 srx650
|
Juniper Junos 12.1X46 before 12.1X46-D20 and 12.1X47 before 12.1X47-D10 on SRX Series devices allows remote attackers to cause a denial of service (flowd crash) via a crafted SIP packet.
|
CWE-20
Improper Input Validation
|
CVE-2014-3815
|
2014-07-24 14:00 |
2014-07-12 |
|
243996
|
4.0 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Event Processing component in Oracle Fusion Middleware 11.1.1.7.0 allows remote authenticated users to affect integrity via vectors related to CEP system.
|
NVD-CWE-noinfo
|
CVE-2014-2424
|
2014-07-24 13:59 |
2014-04-16 |
|
243997
|
4.0 |
MEDIUM
|
hp
|
release_control
|
Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to obtain sens…
|
NVD-CWE-noinfo
|
CVE-2014-2612
|
2014-07-24 13:59 |
2014-06-29 |
|
243998
|
9.0 |
HIGH
|
hp
|
release_control
|
Unspecified vulnerability in HP Release Control 9.x before 9.13 p3 and 9.2x before RC 9.21.0003 p1 on Windows and 9.2x before RC 9.21.0002 p1 on Linux allows remote authenticated users to gain privil…
|
NVD-CWE-noinfo
|
CVE-2014-2613
|
2014-07-24 13:59 |
2014-06-29 |
|
243999
|
7.9 |
HIGH
|
symantec
|
workspace_streaming
|
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
|
CWE-264
Authorization, Privileges, and Access Control
|
CVE-2014-1649
|
2014-07-24 13:58 |
2014-05-16 |
|
244000
|
4.3 |
MEDIUM
|
happyworm
|
jplayer
|
Cross-site scripting (XSS) vulnerability in actionscript/Jplayer.as in the Flash SWF component (jplayer.swf) in jPlayer before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2013-2023
|
2014-07-24 13:49 |
2013-08-16 |
|