|
286221
|
6.5 |
MEDIUM
Network
|
entity_api_project
fedoraproject
|
entity_api
fedora
|
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspe…
|
CWE-284
Improper Access Control
|
CVE-2014-1399
|
2024-11-21 11:04 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286222
|
6.5 |
MEDIUM
Network
|
entity_api_project
fedoraproject
|
entity_api
fedora
|
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statis…
|
CWE-284
Improper Access Control
|
CVE-2014-1398
|
2024-11-21 11:04 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286223
|
5.4 |
MEDIUM
Network
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
|
CWE-79
Cross-site Scripting
|
CVE-2014-1665
|
2024-11-21 11:04 |
2018-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286224
|
8.8 |
HIGH
Network
|
openwebanalytics
|
open_web_analytics
|
Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user…
|
CWE-352
Origin Validation Error
|
CVE-2014-1457
|
2024-11-21 11:04 |
2018-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286225
|
8.1 |
HIGH
Network
|
eventum_project
|
eventum
|
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.
|
CWE-275
Permission Issues
|
CVE-2014-1632
|
2024-11-21 11:04 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286226
|
7.5 |
HIGH
Network
|
eventum_project
|
eventum
|
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
|
CWE-275
Permission Issues
|
CVE-2014-1631
|
2024-11-21 11:04 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286227
|
7.5 |
HIGH
Network
|
technicolor
|
tc7200_firmware
|
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
|
CWE-200
Information Exposure
|
CVE-2014-1677
|
2024-11-21 11:04 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286228
|
- |
|
nokia_maps_\&_places_project
|
nokia_maps_\&_places
|
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks…
|
NVD-CWE-Other
|
CVE-2014-1750
|
2024-11-21 11:04 |
2015-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286229
|
- |
|
linuxcontainers
canonical
|
cgmanager
ubuntu_linux
|
cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1425
|
2024-11-21 11:04 |
2015-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286230
|
- |
|
open-xchange
|
open-xchange_appsuite
|
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web scrip…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1679
|
2024-11-21 11:04 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
