|
289801
|
- |
|
jolokia
|
jolokia
|
Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.
|
CWE-352
Origin Validation Error
|
CVE-2014-0168
|
2024-11-21 11:01 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289802
|
- |
|
redhat
|
cloudforms_3.0.5_management_engine
cloudforms_3.0.4_management_engine
cloudforms_3.0.3_management_engine
cloudforms_3.0.2_management_engine
cloudforms_3.0.1_management_engine
cloudform…
|
Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0140
|
2024-11-21 11:01 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289803
|
- |
|
apache
|
shiro
|
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
|
CWE-287
Improper Authentication
|
CVE-2014-0074
|
2024-11-21 11:01 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289804
|
- |
|
redhat
jboss
|
jboss_data_virtualization
teiid
|
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XM…
|
NVD-CWE-Other
|
CVE-2014-0170
|
2024-11-21 11:01 |
2014-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289805
|
- |
|
linux
|
linux_kernel
|
The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0205
|
2024-11-21 11:01 |
2014-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289806
|
- |
|
fortinet
|
fortios
|
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-midd…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0351
|
2024-11-21 11:01 |
2014-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289807
|
- |
|
ovirt
|
ovirt
|
The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.
|
CWE-200
Information Exposure
|
CVE-2014-0153
|
2024-11-21 11:01 |
2014-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289808
|
- |
|
ovirt
redhat
|
ovirt
ovirt-engine
|
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2014-0152
|
2024-11-21 11:01 |
2014-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289809
|
- |
|
apache
|
ofbiz
|
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0232
|
2024-11-21 11:01 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289810
|
- |
|
iridium
|
open_port
pilot_below_deck_equipment
|
The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmwa…
|
NVD-CWE-Other
|
CVE-2014-0327
|
2024-11-21 11:01 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
