|
291211
|
- |
|
apache
oracle
|
xalan-java
webcenter_sites
|
The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass exp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0107
|
2024-11-21 11:01 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291212
|
- |
|
openstack
|
compute
icehouse
|
The Nova EC2 API security group implementation in OpenStack Compute (Nova) 2013.1 before 2013.2.4 and icehouse before icehouse-rc2 does not enforce RBAC policies for (1) add_rules, (2) remove_rules, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0167
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291213
|
- |
|
openstack
opensuse
|
horizon
opensuse
|
Cross-site scripting (XSS) vulnerability in the Horizon Orchestration dashboard in OpenStack Dashboard (aka Horizon) 2013.2 before 2013.2.4 and icehouse before icehouse-rc2 allows remote attackers to…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0157
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291214
|
- |
|
haxx
|
curl
libcurl
|
cURL and libcurl 7.1 before 7.36.0, when using the OpenSSL, axtls, qsossl or gskit libraries for TLS, recognize a wildcard IP address in the subject's Common Name (CN) field of an X.509 certificate, …
|
CWE-310
Cryptographic Issues
|
CVE-2014-0139
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291215
|
- |
|
haxx
debian
|
curl
libcurl
debian_linux
|
The default configuration in cURL and libcurl 7.10.6 before 7.36.0 re-uses (1) SCP, (2) SFTP, (3) POP3, (4) POP3S, (5) IMAP, (6) IMAPS, (7) SMTP, (8) SMTPS, (9) LDAP, and (10) LDAPS connections, whic…
|
CWE-287
Improper Authentication
|
CVE-2014-0138
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291216
|
- |
|
openstack
|
python-keystoneclient
|
The auth_token middleware in the OpenStack Python client library for Keystone (aka python-keystoneclient) before 0.7.0 does not properly retrieve user tokens from memcache, which allows remote authen…
|
CWE-255
Credentials Management
|
CVE-2014-0105
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291217
|
- |
|
xangati
|
xangati_software_release
xangati_xnr
|
Xangati XSR before 11 and XNR before 7 allows remote attackers to execute arbitrary commands via shell metacharacters in a gui_input_test.pl params parameter to servlet/Installer.
|
CWE-78
OS Command
|
CVE-2014-0359
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291218
|
- |
|
xangati
|
xangati_software_release
xangati_xnr
|
Multiple directory traversal vulnerabilities in Xangati XSR before 11 and XNR before 7 allow remote attackers to read arbitrary files via a .. (dot dot) in (1) the file parameter in a getUpgradeStatu…
|
CWE-22
Path Traversal
|
CVE-2014-0358
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291219
|
- |
|
amtelco
|
misecuremessages
|
Amtelco miSecureMessages allows remote attackers to read the messages of arbitrary users via an XML request containing a valid license key and a modified contactID value, as demonstrated by a request…
|
CWE-287
Improper Authentication
|
CVE-2014-0357
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291220
|
- |
|
zyxel
|
n300_netusb_nbg-419n_firmware
n300_netusb_nbg-419n
|
The ZyXEL Wireless N300 NetUSB NBG-419N router with firmware 1.00(BFQ.6)C0 allows remote attackers to execute arbitrary code via shell metacharacters in input to the (1) detectWeather, (2) set_langua…
|
CWE-78
OS Command
|
CVE-2014-0356
|
2024-11-21 11:01 |
2014-04-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
