|
290151
|
- |
|
apache
|
activemq
|
The LDAPLoginModule implementation in the Java Authentication and Authorization Service (JAAS) in Apache ActiveMQ 5.x before 5.10.1 allows remote attackers to bypass authentication by logging in with…
|
CWE-287
Improper Authentication
|
CVE-2014-3612
|
2024-11-21 11:08 |
2015-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290152
|
7.5 |
HIGH
Network
|
apache
oracle
|
activemq
business_intelligence_publisher
fusion_middleware
|
The processControlCommand function in broker/TransportConnection.java in Apache ActiveMQ before 5.11.0 allows remote attackers to cause a denial of service (shutdown) via a shutdown command.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3576
|
2024-11-21 11:08 |
2015-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290153
|
- |
|
theforeman
|
foreman
|
Cross-site scripting (XSS) vulnerability in the template preview function in Foreman before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via a crafted provisioning template.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3653
|
2024-11-21 11:08 |
2015-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290154
|
- |
|
opensuse
python
|
opensuse
pillow
|
The Jpeg2KImagePlugin plugin in Pillow before 2.5.3 allows remote attackers to cause a denial of service via a crafted image.
|
CWE-399
Resource Management Errors
|
CVE-2014-3598
|
2024-11-21 11:08 |
2015-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290155
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
The default configuration for the Command Line Interface in Red Hat Enterprise Application Platform before 6.4.0 and WildFly (formerly JBoss Application Server) uses weak permissions for .jboss-cli-h…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3586
|
2024-11-21 11:08 |
2015-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290156
|
- |
|
opensuse
gluster
|
opensuse
glusterfs
|
The __socket_proto_state_machine function in GlusterFS 3.5 allows remote attackers to cause a denial of service (infinite loop) via a "00000000" fragment header.
|
CWE-399
Resource Management Errors
|
CVE-2014-3619
|
2024-11-21 11:08 |
2015-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290157
|
- |
|
redhat
theforeman
|
openstack
foreman
|
Smart Proxy (aka Smart-Proxy and foreman-proxy) in Foreman before 1.5.4 and 1.6.x before 1.6.2 does not validate SSL certificates, which allows remote attackers to bypass intended authentication and …
|
CWE-310
Cryptographic Issues
|
CVE-2014-3691
|
2024-11-21 11:08 |
2015-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290158
|
- |
|
redhat
|
jbpm-designer
|
XML external entity (XXE) vulnerability in the JBPMBpmn2ResourceImpl function in designer/bpmn2/resource/JBPMBpmn2ResourceImpl.java in jbpm-designer 6.0.x and 6.2.x allows remote attackers to read ar…
|
NVD-CWE-Other
|
CVE-2014-3682
|
2024-11-21 11:08 |
2015-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290159
|
- |
|
pivotal_software
|
spring_framework
|
Directory traversal vulnerability in Pivotal Spring Framework 3.x before 3.2.9 and 4.0 before 4.0.5 allows remote attackers to read arbitrary files via a crafted URL.
|
CWE-22
Path Traversal
|
CVE-2014-3578
|
2024-11-21 11:08 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290160
|
- |
|
broadcom
symantec
|
symantec_critical_system_protection
data_center_security
|
The Agent Control Interface in the management server in Symantec Critical System Protection (SCSP) 5.2.9 before MP6 and Symantec Data Center Security: Server Advanced (SDCS:SA) 6.0.x before 6.0 MP1 a…
|
CWE-20
Improper Input Validation
|
CVE-2014-3440
|
2024-11-21 11:08 |
2015-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
