|
289361
|
- |
|
avamar_virtual_edition
|
7.0.2-43
7.0
6.0
6.0.402
|
EMC Avamar Data Store (ADS) and Avamar Virtual Edition (AVE) 6.x and 7.0.x through 7.0.2-43 do not require authentication for Java API calls, which allows remote attackers to discover grid MCUser and…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4624
|
2024-11-21 11:10 |
2014-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289362
|
- |
|
emc
|
avamar
|
EMC Avamar 6.0.x, 6.1.x, and 7.0.x in Avamar Data Store (ADS) GEN4(S) and Avamar Virtual Edition (AVE), when Password Hardening before 2.0.0.4 is enabled, uses UNIX DES crypt for password hashing, wh…
|
CWE-310
Cryptographic Issues
|
CVE-2014-4623
|
2024-11-21 11:10 |
2014-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289363
|
- |
|
meditech
emc
|
meditech
networker
|
The EMC NetWorker Module for MEDITECH (aka NMMEDI) 3.0 build 87 through 90, when EMC RecoverPoint and Plink are used, stores cleartext RecoverPoint Appliance credentials in nsrmedisv.raw log files, w…
|
CWE-200
Information Exposure
|
CVE-2014-4620
|
2024-11-21 11:10 |
2014-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289364
|
- |
|
ibm
|
classic_meeting_server
|
IBM Sametime Classic Meeting Server 8.0.x and 8.5.x allows remote attackers to obtain sensitive information by reading an exported Record and Playback (RAP) file.
|
CWE-200
Information Exposure
|
CVE-2014-4766
|
2024-11-21 11:10 |
2014-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289365
|
- |
|
apple
|
iphone_os
|
The QuickType feature in the Keyboards subsystem in Apple iOS before 8.1 collects typing-prediction data from fields with an off autocomplete attribute, which makes it easier for attackers to discove…
|
CWE-255
Credentials Management
|
CVE-2014-4450
|
2024-11-21 11:10 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289366
|
- |
|
apple
|
iphone_os
|
iCloud Data Access in Apple iOS before 8.1 does not verify X.509 certificates from TLS servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafte…
|
CWE-310
Cryptographic Issues
|
CVE-2014-4449
|
2024-11-21 11:10 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289367
|
- |
|
apple
|
iphone_os
|
House Arrest in Apple iOS before 8.1 relies on the hardware UID for its encryption key, which makes it easier for physically proximate attackers to obtain sensitive information from a Documents direc…
|
CWE-310
Cryptographic Issues
|
CVE-2014-4448
|
2024-11-21 11:10 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289368
|
- |
|
websupporter
|
wp_amasin_-_the_amazon_affiliate_shop
|
Absolute path traversal vulnerability in reviews.php in the WP AmASIN - The Amazon Affiliate Shop plugin 0.9.6 and earlier for WordPress allows remote attackers to read arbitrary files via a full pat…
|
CWE-22
Path Traversal
|
CVE-2014-4577
|
2024-11-21 11:10 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289369
|
- |
|
cbi_referral_manager_project
|
cbi_referral_manager
|
Cross-site scripting (XSS) vulnerability in getNetworkSites.php in the CBI Referral Manager plugin 1.2.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via t…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4517
|
2024-11-21 11:10 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289370
|
- |
|
alipay_project
|
alipay
|
Cross-site scripting (XSS) vulnerability in includes/api_tenpay/inc.tenpay_notify.php in the Alipay plugin 3.6.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HT…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4514
|
2024-11-21 11:10 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
