|
285621
|
9.8 |
CRITICAL
Network
|
centurystar_project
|
centurystar
|
centurystar 7.12 ActiveX Control has a Stack Buffer Overflow
|
CWE-787
Out-of-bounds Write
|
CVE-2014-1598
|
2024-11-21 11:04 |
2020-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285622
|
4.8 |
MEDIUM
Network
|
pearson
|
esis_enterprise_student_information_system
|
Pearson eSIS (Enterprise Student Information System) message board has stored XSS due to improper validation of user input
|
CWE-79
Cross-site Scripting
|
CVE-2014-1454
|
2024-11-21 11:04 |
2020-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285623
|
5.3 |
MEDIUM
Network
|
canonical
|
metal_as_a_service
|
A vulnerability in generate_filestorage_key of Ubuntu MAAS allows an attacker to brute-force filenames. This issue affects Ubuntu MAAS versions prior to 1.9.2.
|
CWE-254
7PK - Security Features
|
CVE-2014-1428
|
2024-11-21 11:04 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285624
|
6.1 |
MEDIUM
Network
|
canonical
|
metal_as_a_service
|
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.
|
CWE-79
Cross-site Scripting
|
CVE-2014-1427
|
2024-11-21 11:04 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285625
|
7.5 |
HIGH
Network
|
canonical
|
metal_as_a_service
|
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2.
|
CWE-20
Improper Input Validation
|
CVE-2014-1426
|
2024-11-21 11:04 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285626
|
5.3 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.
|
CWE-200
Information Exposure
|
CVE-2014-1686
|
2024-11-21 11:04 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285627
|
6.5 |
MEDIUM
Network
|
entity_api_project
fedoraproject
|
entity_api
fedora
|
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspec…
|
CWE-284
Improper Access Control
|
CVE-2014-1400
|
2024-11-21 11:04 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285628
|
6.5 |
MEDIUM
Network
|
entity_api_project
fedoraproject
|
entity_api
fedora
|
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspe…
|
CWE-284
Improper Access Control
|
CVE-2014-1399
|
2024-11-21 11:04 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285629
|
6.5 |
MEDIUM
Network
|
entity_api_project
fedoraproject
|
entity_api
fedora
|
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statis…
|
CWE-284
Improper Access Control
|
CVE-2014-1398
|
2024-11-21 11:04 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285630
|
5.4 |
MEDIUM
Network
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
|
CWE-79
Cross-site Scripting
|
CVE-2014-1665
|
2024-11-21 11:04 |
2018-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
