|
291831
|
6.1 |
MEDIUM
Network
|
remarkable_project
|
remarkable
|
Certain input when passed into remarkable before 1.4.1 will bypass the bad protocol check that disallows the javascript: scheme allowing for javascript: url's to be injected into the rendered content.
|
CWE-79
Cross-site Scripting
|
CVE-2014-10065
|
2024-11-21 11:03 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291832
|
7.5 |
HIGH
Network
|
qs_project
|
qs
|
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of t…
|
CWE-399
Resource Management Errors
|
CVE-2014-10064
|
2024-11-21 11:03 |
2018-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291833
|
7.5 |
HIGH
Network
|
hapi
|
inert
|
The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false.
|
CWE-22
Path Traversal
|
CVE-2014-10068
|
2024-11-21 11:03 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291834
|
5.9 |
MEDIUM
Network
|
paypal-ipn_project
|
paypal-ipn
|
paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attack…
|
CWE-287
Improper Authentication
|
CVE-2014-10067
|
2024-11-21 11:03 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291835
|
7.1 |
HIGH
Network
|
ibm
|
rational_clearquest
|
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rationa…
|
CWE-611
XXE
|
CVE-2014-0950
|
2024-11-21 11:03 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291836
|
9.1 |
CRITICAL
Network
|
ibm
|
rational_clearcase
|
Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) C…
|
CWE-611
XXE
|
CVE-2014-0931
|
2024-11-21 11:03 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291837
|
8.1 |
HIGH
Network
|
ibm
|
sterling_b2b_integrator
sterling_file_gateway
|
The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port…
|
CWE-287
Improper Authentication
|
CVE-2014-0927
|
2024-11-21 11:03 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291838
|
5.3 |
MEDIUM
Network
|
ibm
|
sterling_b2b_integrator
sterling_file_gateway
|
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 9207…
|
CWE-200
Information Exposure
|
CVE-2014-0912
|
2024-11-21 11:03 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291839
|
8.8 |
HIGH
Network
|
google
|
android
|
The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap da…
|
CWE-20
Improper Input Validation
|
CVE-2014-0900
|
2024-11-21 11:03 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291840
|
7.5 |
HIGH
Network
|
wpitchoune
debian
|
psensor
debian_linux
|
The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.
|
CWE-22
Path Traversal
|
CVE-2014-10073
|
2024-11-21 11:03 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
