244101
|
5.0 |
MEDIUM
|
cisco
|
cisco_nexus_1000v_intercloud
|
Cisco Nexus 1000V InterCloud 5.2(1)IC1(1.2) and earlier for VMware allows remote attackers to bypass ACL deny statements via crafted (1) IGMPv2 or (2) IGMPv3 packets, aka Bug ID CSCug61691.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0685
|
2014-05-8 01:05 |
2014-05-7 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244102
|
4.6 |
MEDIUM
|
cisco
|
nx-os nexus_7000 nexus_7000_10-slot nexus_7000_18-slot nexus_7000_9-slot
|
Cisco NX-OS 6.2(2) on Nexus 7000 switches allows local users to cause a denial of service via crafted sed input, aka Bug ID CSCui56136.
|
CWE-20
Improper Input Validation
|
CVE-2014-0684
|
2014-05-8 00:48 |
2014-05-7 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244103
|
4.4 |
MEDIUM
|
ayatana_project canonical
|
unity ubuntu_linux
|
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and ex…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3203
|
2014-05-7 23:09 |
2014-05-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244104
|
4.4 |
MEDIUM
|
ayatana_project canonical
|
unity ubuntu_linux
|
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3204
|
2014-05-7 23:09 |
2014-05-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244105
|
4.4 |
MEDIUM
|
ayatana_project
|
unity
|
Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3202
|
2014-05-7 22:43 |
2014-05-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244106
|
6.5 |
MEDIUM
|
skyphe
|
file-gallery
|
The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting field…
|
CWE-94
Code Injection
|
CVE-2014-2558
|
2014-05-7 22:23 |
2014-05-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244107
|
6.4 |
MEDIUM
|
mongodb
|
mongodb
|
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON obj…
|
CWE-20
Improper Input Validation
|
CVE-2012-6619
|
2014-05-7 12:45 |
2014-03-7 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244108
|
4.4 |
MEDIUM
|
nagios
|
plugins
|
The IPXPING_COMMAND in contrib/check_ipxping.c in Nagios Plugins 1.4.16 allows local users to gain privileges via a symlink attack on /tmp/ipxping/ipxping.
|
CWE-59
Link Following
|
CVE-2013-4215
|
2014-05-7 04:10 |
2014-05-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244109
|
4.3 |
MEDIUM
|
redhat
|
jboss_web_framework_kit
|
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Web Framework Kit 2.5.0 allow remote attackers to inject arbitrary web script or HTML via a (1) parameter or (2) id name.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-0149
|
2014-05-7 04:07 |
2014-05-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244110
|
3.5 |
LOW
|
amtelco
|
misecuremessages
|
Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2347
|
2014-05-6 22:16 |
2014-05-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244111
|
6.3 |
MEDIUM
|
david_leonard
|
pkstat
|
tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log.
|
CWE-59
Link Following
|
CVE-2013-0350
|
2014-05-6 02:27 |
2014-05-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244112
|
4.3 |
MEDIUM
|
randall_hand fedoraproject
|
yerase's_tnef_stream_reader fedora
|
Off-by-one error in the DecompressRTF function in ytnef.c in Yerase's TNEF Stream Reader allows remote attackers to cause a denial of service (crash) via a crafted TNEF file, which triggers a buffer …
|
CWE-189
Numeric Errors
|
CVE-2010-5109
|
2014-05-6 02:19 |
2014-05-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244113
|
4.3 |
MEDIUM
|
conceptronic
|
c54apm_firmware c54apm
|
CRLF injection vulnerability in goform/formWlSiteSurvey on the Conceptronic C54APM access point with runtime code 1.26 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP respon…
|
CWE-20
Improper Input Validation
|
CVE-2014-1406
|
2014-05-6 00:29 |
2014-01-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244114
|
7.8 |
HIGH
|
conceptronic
|
c54apm_firmware c54apm
|
The Conceptronic C54APM access point with runtime code 1.26 has a default password of admin for the admin account, which makes it easier for remote attackers to obtain access via an HTTP request, as …
|
CWE-255
Credentials Management
|
CVE-2014-1408
|
2014-05-6 00:28 |
2014-01-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244115
|
6.8 |
MEDIUM
|
technicolor
|
tc7200_firmware tc7200
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Technicolor (formerly Thomson) TC7200 STD6.01.12 allow remote attackers to hijack the authentication of administrators for requests that …
|
CWE-352
Same-Origin Policy Violation
|
CVE-2014-0621
|
2014-05-6 00:23 |
2014-01-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244116
|
5.8 |
MEDIUM
|
freebsd
|
freebsd
|
The device file system (aka devfs) in FreeBSD 10.0 before p2 does not load default rulesets when booting, which allows context-dependent attackers to bypass intended restrictions by leveraging a jail…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3001
|
2014-05-5 23:54 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244117
|
7.5 |
HIGH
|
dynamixsolutions
|
arabic_prawn
|
lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.
|
NVD-CWE-Other
|
CVE-2014-2322
|
2014-05-5 22:47 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244118
|
7.5 |
HIGH
|
dynamixsolutions
|
arabic_prawn
|
Per: https://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2014-2322
|
2014-05-5 22:47 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244119
|
7.5 |
HIGH
|
unitrends
|
enterprise_backup
|
recoveryconsole/bpl/snmpd.php in Unitrends Enterprise Backup 7.3.0 allows remote attackers to bypass authentication by setting the auth parameter to a certain string.
|
CWE-287
Improper Authentication
|
CVE-2014-3139
|
2014-05-5 21:57 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244120
|
3.5 |
LOW
|
otrs
|
otrs
|
Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote authenticated users to inject arbitrary we…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-2553
|
2014-05-5 14:34 |
2014-04-3 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244121
|
7.8 |
HIGH
|
hp
|
integrated_lights-out_2_firmware
|
The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 v…
|
NVD-CWE-noinfo
|
CVE-2014-2601
|
2014-05-5 14:34 |
2014-04-25 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244122
|
5.0 |
MEDIUM
|
juniper
|
junos
|
Juniper Junos before 11.4R11, 12.1 before 12.1R9, 12.2 before 12.2R7, 12.3R4 before 12.3R4-S3, 13.1 before 13.1R4, 13.2 before 13.2R2, and 13.3 before 13.3R1, as used in MX Series and T4000 routers, …
|
NVD-CWE-noinfo
|
CVE-2014-2713
|
2014-05-5 14:34 |
2014-04-15 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244123
|
7.8 |
HIGH
|
igniterealtime
|
openfire
|
nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2741
|
2014-05-5 14:34 |
2014-04-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244124
|
6.4 |
MEDIUM
|
misli
|
misli.com_app
|
The Misli.com application for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted cer…
|
CWE-310
Cryptographic Issues
|
CVE-2014-2992
|
2014-05-5 14:34 |
2014-04-26 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244125
|
4.3 |
MEDIUM
|
apple
|
mac_os_x
|
curl and libcurl 7.27.0 through 7.35.0, when using the SecureTransport/Darwinssl backend, as used in Apple OS X 10.9.x before 10.9.2, does not verify that the server hostname matches a domain name…
|
CWE-310
Cryptographic Issues
|
CVE-2014-1263
|
2014-05-5 14:32 |
2014-02-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244126
|
3.0 |
LOW
|
toshibacommerce
|
4690_point_of_sale_operating_system
|
The default configuration of IBM 4690 OS, as used in Toshiba Global Commerce Solutions 4690 POS and other products, hashes passwords with the ADXCRYPT algorithm, which makes it easier for context-dep…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0361
|
2014-05-5 14:31 |
2014-04-22 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244127
|
5.0 |
MEDIUM
|
adcisolutions
|
node_view_permissions
|
The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by rea…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5965
|
2014-05-5 14:28 |
2013-10-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244128
|
5.8 |
MEDIUM
|
apache
|
struts
|
Apache Struts 2.0.0 through 2.3.15.1 allows remote attackers to bypass access controls via a crafted action: prefix.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4310
|
2014-05-5 14:25 |
2013-10-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244129
|
4.3 |
MEDIUM
|
matrix42
|
service_store
|
Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML v…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2013-2504
|
2014-05-5 14:22 |
2013-12-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244130
|
2.1 |
LOW
|
openstack
|
keystone
|
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by readin…
|
CWE-200
Information Exposure
|
CVE-2013-2006
|
2014-05-5 14:21 |
2013-05-22 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244131
|
2.1 |
LOW
|
openstack
|
compute folsom grizzly havana
|
keystone/middleware/auth_token.py in OpenStack Nova Folsom, Grizzly, and Havana uses an insecure temporary directory for storing signing certificates, which allows local users to spoof servers by pre…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2030
|
2014-05-5 14:21 |
2013-12-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244132
|
7.6 |
HIGH
|
emc
|
alphastor
|
Buffer overflow in Drive Control Program (DCP) in EMC AlphaStor 4.0 before build 814 allows remote attackers to execute arbitrary code via vectors involving a new device name.
|
CWE-119
Buffer Errors
|
CVE-2013-0930
|
2014-05-5 14:19 |
2013-02-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244133
|
4.3 |
MEDIUM
|
netshinesoftware
|
com_netinvoice
|
Cross-site scripting (XSS) vulnerability in the nBill (com_nbill) component 2.3.2 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the message parameter in an income act…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2012-6514
|
2014-05-5 14:17 |
2013-01-24 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244134
|
10.0 |
HIGH
|
3s-software
|
codesys_runtime_system
|
The Runtime Toolkit in CODESYS Runtime System 2.3.x and 2.4.x does not require authentication, which allows remote attackers to (1) execute commands via the command-line interface in the TCP listener…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6068
|
2014-05-5 14:16 |
2013-01-22 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244135
|
1.9 |
LOW
|
xen
|
xen
|
Xen 4.0, and 4.1, when running a 64-bit PV guest on "older" AMD CPUs, does not properly protect against a certain AMD processor bug, which allows local guest OS users to cause a denial of service (ho…
|
NVD-CWE-noinfo
|
CVE-2012-2934
|
2014-05-5 14:11 |
2012-12-4 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244136
|
1.9 |
LOW
|
canonical
|
update-manager ubuntu_linux
|
DistUpgrade/DistUpgradeViewKDE.py in Update Manager before 1:0.87.31.1, 1:0.134.x before 1:0.134.11.1, 1:0.142.x before 1:0.142.23.1, 1:0.150.x before 1:0.150.5.1, and 1:0.152.x before 1:0.152.25.5 d…
|
CWE-59
Link Following
|
CVE-2011-3154
|
2014-05-5 13:59 |
2014-04-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244137
|
7.1 |
HIGH
|
emc
|
avamar
|
Unspecified vulnerability in EMC Avamar 4.1.x and 5.0 before SP1 allows remote attackers to cause a denial of service (gsan service hang) by sending a crafted message using TCP.
|
NVD-CWE-noinfo
|
CVE-2010-1919
|
2014-05-5 13:43 |
2010-05-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244138
|
7.8 |
HIGH
|
cisco
|
telepresence_tc_software telepresence_te_software
|
Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allow remote attackers to cause a denial of service (memory consumption) via crafted H.225 packets, aka Bug ID CSCtq78849.
|
CWE-20
Improper Input Validation
|
CVE-2014-2175
|
2014-05-3 03:17 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244139
|
7.2 |
HIGH
|
cisco
|
telepresence_te_software telepresence_tc_software
|
Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 do not properly restrict access to the serial port, which allows local users to gain privileges via unspecified commands, aka Bu…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2173
|
2014-05-3 03:15 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244140
|
7.8 |
HIGH
|
cisco
|
telepresence_tc_software telepresence_te_software
|
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug …
|
CWE-20
Improper Input Validation
|
CVE-2014-2162
|
2014-05-3 03:14 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244141
|
7.8 |
HIGH
|
cisco
|
telepresence_tc_software telepresence_te_software
|
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCua…
|
CWE-20
Improper Input Validation
|
CVE-2014-2163
|
2014-05-3 03:13 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244142
|
7.8 |
HIGH
|
cisco
|
telepresence_te_software telepresence_tc_software
|
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug …
|
CWE-20
Improper Input Validation
|
CVE-2014-2164
|
2014-05-3 03:13 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244143
|
7.8 |
HIGH
|
cisco
|
telepresence_te_software telepresence_tc_software
|
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug …
|
CWE-20
Improper Input Validation
|
CVE-2014-2165
|
2014-05-3 03:12 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244144
|
7.8 |
HIGH
|
cisco
|
telepresence_tc_software telepresence_te_software
|
The SIP implementation in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug …
|
CWE-20
Improper Input Validation
|
CVE-2014-2167
|
2014-05-3 03:12 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244145
|
7.6 |
HIGH
|
cisco
|
telepresence_te_software telepresence_tc_software
|
Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows remote attackers to execute arbitrary code via crafted DNS response packets, aka Bug ID CSCty44804.
|
CWE-119
Buffer Errors
|
CVE-2014-2168
|
2014-05-3 03:11 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244146
|
9.0 |
HIGH
|
cisco
|
telepresence_tc_software telepresence_te_software
|
Cisco TelePresence TC Software 4.x through 6.x before 6.2.0 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as arguments to internal s…
|
CWE-20
Improper Input Validation
|
CVE-2014-2169
|
2014-05-3 03:11 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244147
|
10.0 |
HIGH
|
cisco
|
telepresence_te_software telepresence_tc_software
|
Heap-based buffer overflow in Cisco TelePresence TC Software 4.x through 6.x before 6.0.1 and TE Software 4.x and 6.0.x before 6.0.2 allows remote attackers to execute arbitrary code via crafted SIP …
|
CWE-119
Buffer Errors
|
CVE-2014-2171
|
2014-05-3 03:10 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244148
|
6.6 |
MEDIUM
|
cisco
|
telepresence_tc_software telepresence_te_software
|
Buffer overflow in Cisco TelePresence TC Software 4.x and 5.x and TE Software 4.x and 6.0 allows local users to gain privileges by leveraging improper handling of the u-boot compiler flag for interna…
|
CWE-119
Buffer Errors
|
CVE-2014-2172
|
2014-05-3 03:09 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244149
|
9.0 |
HIGH
|
cisco
|
telepresence_te_software telepresence_tc_software
|
Cisco TelePresence TC Software 4.x and 5.x before 5.1.7 and 6.x before 6.0.1 and TE Software 4.x and 6.0 allow remote authenticated users to execute arbitrary commands by using the commands as argume…
|
CWE-94
Code Injection
|
CVE-2014-2170
|
2014-05-3 03:00 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244150
|
7.8 |
HIGH
|
cisco
|
telepresence_tc_software telepresence_te_software
|
The SIP implementation in Cisco TelePresence TC Software 4.x and TE Software 4.x allows remote attackers to cause a denial of service (device reload) via crafted SIP packets, aka Bug ID CSCto70562.
|
CWE-20
Improper Input Validation
|
CVE-2014-2166
|
2014-05-3 02:41 |
2014-05-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|