|
290061
|
- |
|
zte
|
zxv10_w300
|
The TELNET service on the ZTE ZXV10 W300 router 2.1.0 has a hardcoded password ending with airocon for the admin account, which allows remote attackers to obtain administrative access by leveraging k…
|
CWE-255
Credentials Management
|
CVE-2014-0329
|
2024-11-21 11:01 |
2014-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290062
|
- |
|
haxx
|
libcurl
curl
|
cURL and libcurl 7.10.6 through 7.34.0, when more than one authentication method is enabled, re-uses NTLM connections, which might allow context-dependent attackers to authenticate as other users via…
|
CWE-287
Improper Authentication
|
CVE-2014-0015
|
2024-11-21 11:01 |
2014-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290063
|
- |
|
mariadb
redhat
oracle
|
mariadb
enterprise_linux
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
mysql
|
Buffer overflow in client/mysql.cc in Oracle MySQL and MariaDB before 5.5.35 allows remote database servers to cause a denial of service (crash) and possibly execute arbitrary code via a long server …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0001
|
2024-11-21 11:01 |
2014-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290064
|
- |
|
baseurl
|
yum
|
The installUpdates function in yum-cron/yum-cron.py in yum 3.4.3 and earlier does not properly check the return value of the sigCheckPkg function, which allows remote attackers to bypass the RMP pack…
|
CWE-20
Improper Input Validation
|
CVE-2014-0022
|
2024-11-21 11:01 |
2014-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290065
|
- |
|
cmu
|
flite
|
The play_wave_from_socket function in audio/auserver.c in Flite 1.4 allows local users to modify arbitrary files via a symlink attack on /tmp/awb.wav. NOTE: some of these details are obtained from t…
|
CWE-59
Link Following
|
CVE-2014-0027
|
2024-11-21 11:01 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290066
|
- |
|
redhat
|
libvirt
|
libvirt 1.1.1 through 1.2.0 allows context-dependent attackers to bypass the domain:getattr and connect:search_domains restrictions in ACLs and obtain sensitive domain object information via a reques…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0028
|
2024-11-21 11:01 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290067
|
- |
|
openstack
|
swift
|
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timin…
|
CWE-200
Information Exposure
|
CVE-2014-0006
|
2024-11-21 11:01 |
2014-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290068
|
- |
|
moodle
fedoraproject
|
moodle
fedora
|
Multiple cross-site request forgery (CSRF) vulnerabilities in user/profile/index.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 allo…
|
CWE-352
Origin Validation Error
|
CVE-2014-0010
|
2024-11-21 11:01 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290069
|
- |
|
moodle
|
moodle
|
course/loginas.php in Moodle through 2.2.11, 2.3.x before 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 does not enforce the moodle/site:accessallgroups capability requiremen…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0009
|
2024-11-21 11:01 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290070
|
- |
|
moodle
|
moodle
|
lib/adminlib.php in Moodle through 2.3.11, 2.4.x before 2.4.8, 2.5.x before 2.5.4, and 2.6.x before 2.6.1 logs cleartext passwords, which allows remote authenticated administrators to obtain sensitiv…
|
CWE-255
Credentials Management
|
CVE-2014-0008
|
2024-11-21 11:01 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
