|
290371
|
- |
|
microsoft
|
windows_server_2008
windows_server_2012
windows_rt
windows_8.1
windows_7
windows_rt_8.1
windows_vista
windows_8
windows_server_2003
|
The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1814
|
2024-11-21 11:05 |
2014-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290372
|
- |
|
ui
|
unifi_controller
|
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-2226
|
2024-11-21 11:05 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290373
|
- |
|
ui
|
unifi_video
|
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2227
|
2024-11-21 11:05 |
2014-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290374
|
- |
|
fuelphp
|
fuelphp
|
The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.
|
CWE-94
Code Injection
|
CVE-2014-1999
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290375
|
- |
|
cybozu
|
garoon
|
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1996
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290376
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspe…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1995
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290377
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified ve…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1994
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290378
|
- |
|
cybozu
|
garoon
|
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1993
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290379
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1992
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290380
|
- |
|
cybozu
|
garoon
|
The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2014-1987
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
