|
285941
|
- |
|
moodle
|
moodle
|
The wiki subsystem in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 does not properly restrict (1) view and (2) edit access, which allows remote authenticated …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0123
|
2024-11-21 11:01 |
2014-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285942
|
- |
|
apache
|
camel
|
The XSLT component in Apache Camel 2.11.x before 2.11.4, 2.12.x before 2.12.3, and possibly earlier versions allows remote attackers to execute arbitrary Java methods via a crafted message.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0003
|
2024-11-21 11:01 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285943
|
- |
|
apache
|
camel
|
The XSLT component in Apache Camel before 2.11.4 and 2.12.x before 2.12.3 allows remote attackers to read arbitrary files and possibly have other unspecified impact via an XML document containing an …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0002
|
2024-11-21 11:01 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285944
|
- |
|
fedoraproject
|
389_directory_server
|
The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SAS…
|
CWE-287
Improper Authentication
|
CVE-2014-0132
|
2024-11-21 11:01 |
2014-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285945
|
- |
|
redhat
|
cloudforms
cloudforms_3.0_management_engine
|
The x_button method in the ServiceController (vmdb/app/controllers/service_controller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unsp…
|
CWE-94
Code Injection
|
CVE-2014-0057
|
2024-11-21 11:01 |
2014-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285946
|
- |
|
apache
oracle
canonical
|
http_server
secure_global_desktop
ubuntu_linux
|
The log_cookie function in mod_log_config.c in the mod_log_config module in the Apache HTTP Server before 2.4.8 allows remote attackers to cause a denial of service (segmentation fault and daemon cra…
|
NVD-CWE-noinfo
|
CVE-2014-0098
|
2024-11-21 11:01 |
2014-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285947
|
- |
|
webmin
|
webmin
|
Cross-site scripting (XSS) vulnerability in view.cgi in Webmin before 1.680 allows remote attackers to inject arbitrary web script or HTML via the search parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-0339
|
2024-11-21 11:01 |
2014-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285948
|
- |
|
watchguard
|
fireware
|
Multiple cross-site scripting (XSS) vulnerabilities in the firewall policy management pages in WatchGuard Fireware XTM before 11.8.3 allow remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2014-0338
|
2024-11-21 11:01 |
2014-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285949
|
- |
|
libssh
|
libssh
|
The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared be…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0017
|
2024-11-21 11:01 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285950
|
- |
|
microsoft
|
internet_explorer
|
Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corru…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0324
|
2024-11-21 11:01 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
