|
290411
|
- |
|
openstack
suse
|
keystone
cloud
|
OpenStack Identity (Keystone) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 does not properly handle chained delegation, which allows remote authenticated users to gain privileges b…
|
CWE-269
Improper Privilege Management
|
CVE-2014-3476
|
2024-11-21 11:08 |
2014-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290412
|
- |
|
yealink
|
voip_phone_firmware
voip_phone
|
Cross-site scripting (XSS) vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary web script or HTML via the model parameter to servlet.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3428
|
2024-11-21 11:08 |
2014-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290413
|
- |
|
juniper
|
screenos
netscreen-5200
netscreen-5400
|
The Juniper Networks NetScreen Firewall devices with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a denial of service (crash and reb…
|
CWE-20
Improper Input Validation
|
CVE-2014-3814
|
2024-11-21 11:08 |
2014-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290414
|
- |
|
juniper
|
screenos
netscreen-5200
netscreen-5400
|
Unspecified vulnerability in the Juniper Networks NetScreen Firewall products with ScreenOS before 6.3r17, when configured to use the internal DNS lookup client, allows remote attackers to cause a de…
|
NVD-CWE-noinfo
|
CVE-2014-3813
|
2024-11-21 11:08 |
2014-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290415
|
- |
|
juniper
|
ive_os
unified_access_control_software
fips_infranet_controller_6500
fips_secure_access_4000
fips_secure_access_4500
fips_secure_access_6000
fips_secure_access_6500
infranet_cont…
|
The Juniper Junos Pulse Secure Access Service (SSL VPN) devices with IVE OS before 7.4r5 and 8.x before 8.0r1 and Junos Pulse Access Control Service (UAC) before 4.4r5 and 5.x before 5.0r1 enable cip…
|
CWE-310
Cryptographic Issues
|
CVE-2014-3812
|
2024-11-21 11:08 |
2014-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290416
|
- |
|
alienvault
|
open_source_security_information_management
|
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) get_license, (2) get_log_line, or (3) update_system/upgrade_pro_we…
|
CWE-94
Code Injection
|
CVE-2014-3805
|
2024-11-21 11:08 |
2014-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290417
|
- |
|
alienvault
|
open_source_security_information_management
|
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) update_system_info_debian_package, (2) ossec_task, (3) set_ossim_s…
|
CWE-94
Code Injection
|
CVE-2014-3804
|
2024-11-21 11:08 |
2014-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290418
|
- |
|
member_approval_plugin_project
|
member_approval
|
Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plug…
|
CWE-352
Origin Validation Error
|
CVE-2014-3850
|
2024-11-21 11:08 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290419
|
- |
|
dotclear
|
dotclear
|
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by …
|
NVD-CWE-Other
|
CVE-2014-3782
|
2024-11-21 11:08 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290420
|
- |
|
dotclear
|
dotclear
|
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.
|
CWE-287
Improper Authentication
|
CVE-2014-3781
|
2024-11-21 11:08 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
