|
290931
|
- |
|
redhat
|
rhevm-reports
|
The Red Hat Enterprise Virtualization Manager reports (rhevm-reports) package before 3.3.3-1 uses world-readable permissions on the datasource configuration file (js-jboss7-ds.xml), which allows loca…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0200
|
2024-11-21 11:01 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290932
|
- |
|
redhat
|
rhevm-reports
|
The setup script in ovirt-engine-reports, as used in the Red Hat Enterprise Virtualization reports (rhevm-reports) package before 3.3.3, stores the reports database password in cleartext, which allow…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0199
|
2024-11-21 11:01 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290933
|
- |
|
samba
|
samba
|
The internal DNS server in Samba 4.x before 4.0.18 does not check the QR field in the header section of an incoming DNS message before sending a response, which allows remote attackers to cause a den…
|
CWE-20
Improper Input Validation
|
CVE-2014-0239
|
2024-11-21 11:01 |
2014-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290934
|
- |
|
samba
|
samba
|
Samba 3.6.6 through 3.6.23, 4.0.x before 4.0.18, and 4.1.x before 4.1.8, when a certain vfs shadow copy configuration is enabled, does not properly initialize the SRV_SNAPSHOT_ARRAY response field, w…
|
CWE-665
Improper Initialization
|
CVE-2014-0178
|
2024-11-21 11:01 |
2014-05-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290935
|
- |
|
modwsgi
|
mod_wsgi
|
The mod_wsgi module before 3.5 for Apache, when daemon mode is enabled, does not properly handle error codes returned by setuid when run on certain Linux kernels, which allows local users to gain pri…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0240
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290936
|
- |
|
github
|
hub
|
The am function in lib/hub/commands.rb in hub before 1.12.1 allows local users to overwrite arbitrary files via a symlink attack on a temporary patch file.
|
CWE-310
Cryptographic Issues
|
CVE-2014-0177
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290937
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in the URL downloader repository in repository/url/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows re…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0218
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290938
|
- |
|
moodle
|
moodle
|
enrol/index.php in Moodle 2.6.x before 2.6.3 does not check for the moodle/course:viewhiddencourses capability before listing hidden courses, which allows remote attackers to obtain sensitive name an…
|
CWE-200
Information Exposure
|
CVE-2014-0217
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290939
|
- |
|
moodle
|
moodle
|
The My Home implementation in the block_html_pluginfile function in blocks/html/lib.php in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 does not properly res…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0216
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290940
|
- |
|
moodle
|
moodle
|
The blind-marking implementation in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allows remote authenticated users to de-anonymize student identities by (1) …
|
CWE-200
Information Exposure
|
CVE-2014-0215
|
2024-11-21 11:01 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
