|
289321
|
7.5 |
HIGH
Network
|
eshtery.she7ata
|
eshtery_cms
|
Absolute path traversal vulnerability in Eshtery CMS allows remote attackers to read arbitrary files via a full pathname in the file parameter to FileManager.aspx.
|
CWE-22
Path Traversal
|
CVE-2014-2069
|
2024-11-21 11:05 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289322
|
5.3 |
MEDIUM
Network
|
open-xchange
|
open-xchange_appsuite
|
The backend in Open-Xchange (OX) AppSuite 7.4.2 before 7.4.2-rev9 allows remote attackers to obtain sensitive information about user email addresses in opportunistic circumstances by leveraging a fai…
|
CWE-200
Information Exposure
|
CVE-2014-2078
|
2024-11-21 11:05 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289323
|
9.8 |
CRITICAL
Network
|
3ds
|
catia
|
Stack-based buffer overflow in Dassault Systemes CATIA V5-6R2013 allows remote attackers to execute arbitrary code via a crafted packet, related to "CATV5_Backbone_Bus."
|
CWE-787
Out-of-bounds Write
|
CVE-2014-2073
|
2024-11-21 11:05 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289324
|
8.8 |
HIGH
Network
|
opendocman
|
opendocman
|
OpenDocMan 1.2.7 and earlier does not properly validate allowed actions, which allows remote authenticated users to bypass an intended access restrictions and assign administrative privileges to them…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1946
|
2024-11-21 11:05 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289325
|
6.5 |
MEDIUM
Network
|
buddypress
|
buddypress
|
The Group creation process in the Buddypress plugin before 1.9.2 for WordPress allows remote authenticated users to gain control of arbitrary groups by leveraging a missing permissions check.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1889
|
2024-11-21 11:05 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289326
|
9.8 |
CRITICAL
Network
|
owncloud
|
owncloud
|
The user_openid app in ownCloud Server before 5.0.15 allows remote attackers to obtain access by leveraging an insecure OpenID implementation.
|
CWE-284
Improper Access Control
|
CVE-2014-2048
|
2024-11-21 11:05 |
2018-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289327
|
5.9 |
MEDIUM
Network
|
maradns_project
deadwood_project
|
maradns
deadwood
|
Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging…
|
CWE-20
CWE-125
Improper Input Validation
Out-of-bounds Read
|
CVE-2014-2032
|
2024-11-21 11:05 |
2018-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289328
|
5.9 |
MEDIUM
Network
|
maradns_project
deadwood_project
|
maradns
deadwood
|
Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging…
|
CWE-125
Out-of-bounds Read
|
CVE-2014-2031
|
2024-11-21 11:05 |
2018-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289329
|
8.8 |
HIGH
Network
|
subscribe_to_comments_reloaded_project
|
subscribe_to_comments_reloaded
|
Cross-site request forgery (CSRF) vulnerability in the Subscribe To Comments Reloaded plugin before 140219 for WordPress allows remote attackers to hijack the authentication of administrators for req…
|
CWE-352
Origin Validation Error
|
CVE-2014-2274
|
2024-11-21 11:05 |
2018-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289330
|
7.8 |
HIGH
Local
|
echor_project
|
echor
|
The perform_request function in /lib/echor/backplane.rb in echor 0.1.6 Ruby Gem allows local users to steal the login credentials by watching the process table.
|
CWE-255
Credentials Management
|
CVE-2014-1835
|
2024-11-21 11:05 |
2018-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
