|
278471
|
- |
|
electric_cloud
|
electriccommander
|
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7180
|
2024-11-21 11:16 |
2014-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278472
|
- |
|
centrify
|
directcontrol
centrify_suite
|
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7298
|
2024-11-21 11:16 |
2014-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278473
|
- |
|
newtelligence
|
dasblog
|
Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbit…
|
NVD-CWE-Other
|
CVE-2014-7292
|
2024-11-21 11:16 |
2014-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278474
|
- |
|
tenda
|
a32_firmware
a32
|
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for reque…
|
CWE-352
Origin Validation Error
|
CVE-2014-7281
|
2024-11-21 11:16 |
2014-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278475
|
- |
|
litecart
|
litecart
|
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) …
|
CWE-79
Cross-site Scripting
|
CVE-2014-7183
|
2024-11-21 11:16 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278476
|
- |
|
codecabin
|
wp_go_maps
|
Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7182
|
2024-11-21 11:16 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278477
|
- |
|
tenable
|
web_ui
|
Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.
|
CWE-79
Cross-site Scripting
|
CVE-2014-7280
|
2024-11-21 11:16 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278478
|
- |
|
citrix
|
netscaler_application_delivery_controller_firmware
|
Unspecified vulnerability in the management interface in Citrix NetScaler Application Delivery Controller (ADC) and NetScaler Gateway 10.x before 10.1-129.11 and 10.5 before 10.5-50.10 allows remote …
|
NVD-CWE-noinfo
|
CVE-2014-7140
|
2024-11-21 11:16 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278479
|
- |
|
nobexrc
|
asylum\!
|
The Asylum! (aka com.nobexinc.wls_96362255.rc) application 3.3.10 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain…
|
CWE-310
Cryptographic Issues
|
CVE-2014-7415
|
2024-11-21 11:16 |
2014-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278480
|
- |
|
magzter
|
cleo_malaysia
|
The CLEO Malaysia (aka com.magzter.cleomalaysia) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain…
|
CWE-310
Cryptographic Issues
|
CVE-2014-7414
|
2024-11-21 11:16 |
2014-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
