|
290421
|
- |
|
sophos
|
web_appliance_firmware
web_appliance
|
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address paramet…
|
CWE-78
OS Command
|
CVE-2014-2850
|
2024-11-21 11:07 |
2014-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290422
|
- |
|
sophos
|
web_appliance_firmware
web_appliance
|
The Change Password dialog box (change_password) in Sophos Web Appliance before 3.8.2 allows remote authenticated users to change the admin user password via a crafted request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2849
|
2024-11-21 11:07 |
2014-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290423
|
- |
|
tenable
|
nessus
plugin-set
|
A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp direc…
|
CWE-362
Race Condition
|
CVE-2014-2848
|
2024-11-21 11:07 |
2014-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290424
|
- |
|
construtiva
|
cis_manager_cms
|
SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter.
|
CWE-89
SQL Injection
|
CVE-2014-2847
|
2024-11-21 11:07 |
2014-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290425
|
- |
|
erlang-solutions
|
mongooseim
|
Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2829
|
2024-11-21 11:07 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290426
|
8.8 |
HIGH
Network
|
fortinet
|
fortibalancer_400_firmware
fortibalancer_1000_firmware
fortibalancer_2000_firmware
fortibalancer_3000_firmware
|
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. Th…
|
CWE-276
Incorrect Default Permissions
|
CVE-2014-2723
|
2024-11-21 11:06 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290427
|
8.8 |
HIGH
Network
|
fortinet
|
fortibalancer_400_firmware
fortibalancer_1000_firmware
fortibalancer_2000_firmware
fortibalancer_3000_firmware
|
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. Th…
|
CWE-276
Incorrect Default Permissions
|
CVE-2014-2722
|
2024-11-21 11:06 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290428
|
8.8 |
HIGH
Network
|
fortinet
|
fortibalancer_400_firmware
fortibalancer_1000_firmware
fortibalancer_2000_firmware
fortibalancer_3000_firmware
|
In FortiBalancer 400, 1000, 2000 and 3000, a platform-specific remote access vulnerability has been discovered that may allow a remote user to gain privileged access to affected systems using SSH. Th…
|
CWE-276
Incorrect Default Permissions
|
CVE-2014-2721
|
2024-11-21 11:06 |
2020-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290429
|
9.8 |
CRITICAL
Network
|
trustwave
|
mailmarshal
|
The STARTTLS implementation in MailMarshal before 7.2 allows plaintext command injection.
|
CWE-78
OS Command
|
CVE-2014-2727
|
2024-11-21 11:06 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290430
|
7.5 |
HIGH
Network
|
phoner
|
phonerlite
|
The PhonerLite phone before 2.15 provides hashed credentials in a response to an invalid authentication challenge, which makes it easier for remote attackers to obtain access via a brute-force attack…
|
CWE-916
Use of Password Hash With Insufficient Computational Effort
|
CVE-2014-2560
|
2024-11-21 11:06 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
