|
282631
|
8.8 |
HIGH
Network
|
cups
|
cups
|
The browsing feature in the server in CUPS does not filter ANSI escape sequences from shared printer names, which might allow remote attackers to execute arbitrary code via a crafted printer name.
|
CWE-20
Improper Input Validation
|
CVE-2014-8166
|
2024-11-21 11:18 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282632
|
7.8 |
HIGH
Local
|
google
|
android
|
The backup mechanism in the adb tool in Android might allow attackers to inject additional applications (APKs) and execute arbitrary code by leveraging failure to filter application data streams.
|
CWE-74
Injection
|
CVE-2014-7952
|
2024-11-21 11:18 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282633
|
6.5 |
MEDIUM
Network
|
wp-dbmanager_project
|
wp-dbmanager
|
The "Sql Run Query" panel in WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote attackers to read arbitrary files by leveraging failure to sufficiently limit queries,…
|
CWE-20
Improper Input Validation
|
CVE-2014-8336
|
2024-11-21 11:18 |
2018-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282634
|
7.8 |
HIGH
Local
|
wp-dbmanager_project
|
wp-dbmanager
|
(1) wp-dbmanager.php and (2) database-manage.php in the WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress place credentials on the mysqldump command line, which allows local users…
|
CWE-255
Credentials Management
|
CVE-2014-8335
|
2024-11-21 11:18 |
2018-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282635
|
9.8 |
CRITICAL
Network
|
zohocorp
|
desktop_central
|
The DCPluginServelet servlet in ManageEngine Desktop Central and Desktop Central MSP before build 90109 allows remote attackers to create administrator accounts via an addPlugInUser action.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7862
|
2024-11-21 11:18 |
2018-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282636
|
7.5 |
HIGH
Network
|
redhat
fedoraproject
netcf_project
|
enterprise_linux
fedora
netcf
|
The find_ifcfg_path function in netcf before 0.2.7 might allow attackers to cause a denial of service (application crash) via vectors involving augeas path expressions.
|
CWE-20
Improper Input Validation
|
CVE-2014-8119
|
2024-11-21 11:18 |
2017-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282637
|
7.8 |
HIGH
Local
|
huawei
|
ec156_firmware
ec176_firmware
ec177_firmware
|
Huawei EC156, EC176, and EC177 USB Modem products with software before UTPS-V200R003B015D02SP07C1014 (23.015.02.07.1014) and before V200R003B015D02SP08C1014 (23.015.02.08.1014) use a weak ACL for the…
|
CWE-426
Untrusted Search Path
|
CVE-2014-8358
|
2024-11-21 11:18 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282638
|
6.5 |
MEDIUM
Network
|
redhat
|
cloudforms_3.0_management_engine
|
Red Hat CloudForms 3 Management Engine (CFME) allows remote authenticated users to cause a denial of service (resource consumption) via vectors involving calls to the .to_sym rails function and lack …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2014-7813
|
2024-11-21 11:18 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282639
|
8.8 |
HIGH
Network
|
dasanzhone
|
znid_2426a_firmware
|
backupsettings.html in the web administrative portal in Zhone zNID GPON 2426A before S3.0.501 places a session key in a URL, which allows remote attackers to obtain arbitrary user passwords via the s…
|
CWE-255
Credentials Management
|
CVE-2014-8357
|
2024-11-21 11:18 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282640
|
7.5 |
HIGH
Network
|
aircrack-ng
|
aircrack-ng
|
network.c in Aircrack-ng before 1.2 Beta 3 allows remote attackers to cause a denial of service (segmentation fault) via a response with a crafted length parameter.
|
CWE-20
Improper Input Validation
|
CVE-2014-8324
|
2024-11-21 11:18 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
