|
286961
|
6.5 |
MEDIUM
Network
|
entity_api_project
fedoraproject
|
entity_api
fedora
|
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspec…
|
CWE-284
Improper Access Control
|
CVE-2014-1400
|
2024-11-21 11:04 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286962
|
6.5 |
MEDIUM
Network
|
entity_api_project
fedoraproject
|
entity_api
fedora
|
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspe…
|
CWE-284
Improper Access Control
|
CVE-2014-1399
|
2024-11-21 11:04 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286963
|
6.5 |
MEDIUM
Network
|
entity_api_project
fedoraproject
|
entity_api
fedora
|
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statis…
|
CWE-284
Improper Access Control
|
CVE-2014-1398
|
2024-11-21 11:04 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286964
|
5.4 |
MEDIUM
Network
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
|
CWE-79
Cross-site Scripting
|
CVE-2014-1665
|
2024-11-21 11:04 |
2018-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286965
|
8.8 |
HIGH
Network
|
openwebanalytics
|
open_web_analytics
|
Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user…
|
CWE-352
Origin Validation Error
|
CVE-2014-1457
|
2024-11-21 11:04 |
2018-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286966
|
8.1 |
HIGH
Network
|
eventum_project
|
eventum
|
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.
|
CWE-275
Permission Issues
|
CVE-2014-1632
|
2024-11-21 11:04 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286967
|
7.5 |
HIGH
Network
|
eventum_project
|
eventum
|
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
|
CWE-275
Permission Issues
|
CVE-2014-1631
|
2024-11-21 11:04 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286968
|
7.5 |
HIGH
Network
|
technicolor
|
tc7200_firmware
|
Technicolor TC7200 with firmware STD6.01.12 could allow remote attackers to obtain sensitive information.
|
CWE-200
Information Exposure
|
CVE-2014-1677
|
2024-11-21 11:04 |
2017-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286969
|
- |
|
nokia_maps_\&_places_project
|
nokia_maps_\&_places
|
Open redirect vulnerability in nokia-mapsplaces.php in the Nokia Maps & Places plugin 1.6.6 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks…
|
NVD-CWE-Other
|
CVE-2014-1750
|
2024-11-21 11:04 |
2015-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286970
|
- |
|
linuxcontainers
canonical
|
cgmanager
ubuntu_linux
|
cmanager 0.32 does not properly enforce nesting when modifying cgroup properties, which allows local users to set cgroup values for all cgroups via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1425
|
2024-11-21 11:04 |
2015-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
