|
293141
|
8.8 |
HIGH
Network
|
simplemachines
|
simple_machines_forum
|
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present…
|
CWE-22
Path Traversal
|
CVE-2013-7466
|
2024-11-21 11:01 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293142
|
7.5 |
HIGH
Network
|
seafile
|
seafile
|
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionar…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2013-7469
|
2024-11-21 11:01 |
2019-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293143
|
9.8 |
CRITICAL
Network
|
icecoldapps
|
servers_ultimate
|
Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts.
|
CWE-287
Improper Authentication
|
CVE-2013-7465
|
2024-11-21 11:01 |
2018-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293144
|
8.8 |
HIGH
Network
|
csrf-magic_project
|
csrf-magic
|
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatica…
|
CWE-352
Origin Validation Error
|
CVE-2013-7464
|
2024-11-21 11:01 |
2018-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293145
|
5.5 |
MEDIUM
Local
|
check_mk_project
|
check_mk
|
Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.
|
CWE-59
Link Following
|
CVE-2014-0243
|
2024-11-21 11:01 |
2018-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293146
|
8.8 |
HIGH
Network
|
uclouvain
opensuse
|
openjpeg
opensuse
|
Heap-based buffer overflow in the JPEG2000 image tile decoder in OpenJPEG before 1.5.2 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impa…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0158
|
2024-11-21 11:01 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293147
|
5.4 |
MEDIUM
Network
|
emberjs
|
ember.js
|
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leverag…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0014
|
2024-11-21 11:01 |
2018-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293148
|
5.4 |
MEDIUM
Network
|
emberjs
|
ember.js
|
Ember.js 1.0.x before 1.0.1, 1.1.x before 1.1.3, 1.2.x before 1.2.1, 1.3.x before 1.3.1, and 1.4.x before 1.4.0-beta.2 allows remote attackers to conduct cross-site scripting (XSS) attacks by leverag…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0013
|
2024-11-21 11:01 |
2018-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293149
|
8.8 |
HIGH
Network
|
redhat
|
cloudforms_management_engine
|
The check_privileges method in vmdb/app/controllers/application_controller.rb in ManageIQ, as used in Red Hat CloudForms Management Engine (CFME), allows remote authenticated users to bypass authoriz…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0087
|
2024-11-21 11:01 |
2018-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293150
|
9.8 |
CRITICAL
Network
|
hawt
redhat
|
hawtio
jboss_fuse
|
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.
|
CWE-287
Improper Authentication
|
CVE-2014-0121
|
2024-11-21 11:01 |
2017-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
