|
281641
|
- |
|
otrs
|
otrs_help_desk
|
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vector…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9324
|
2024-11-21 11:20 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281642
|
- |
|
glpi-project
|
glpi
|
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
|
CWE-89
SQL Injection
|
CVE-2014-9258
|
2024-11-21 11:20 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281643
|
- |
|
morfy_cms_project
|
morfy_cms
|
Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter.
|
CWE-94
Code Injection
|
CVE-2014-9185
|
2024-11-21 11:20 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281644
|
- |
|
huawei
|
p7-l10_firmware
|
The PackageInstaller module in Huawei P7-L10 smartphones before V100R001C00B136 allows remote attackers to spoof the origin website and bypass the website whitelist protection mechanism via a crafted…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9135
|
2024-11-21 11:20 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281645
|
- |
|
arris
|
touchstone_tg862g\/ct_firmware
|
ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access…
|
CWE-255
Credentials Management
|
CVE-2014-9406
|
2024-11-21 11:20 |
2014-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281646
|
- |
|
mantisbt
|
mantisbt
|
bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.
|
CWE-284
Improper Access Control
|
CVE-2014-9388
|
2024-11-21 11:20 |
2014-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281647
|
- |
|
sap
|
businessobjects
|
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9387
|
2024-11-21 11:20 |
2014-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281648
|
- |
|
dokuwiki
mageia
|
dokuwiki
mageia
|
The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9253
|
2024-11-21 11:20 |
2014-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281649
|
7.8 |
HIGH
Local
|
linux
redhat
canonical
opensuse
suse
google
|
linux_kernel
enterprise_linux_eus
ubuntu_linux
evergreen
suse_linux_enterprise_server
android
|
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by tr…
|
CWE-269
Improper Privilege Management
|
CVE-2014-9322
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281650
|
- |
|
manageengine
|
netflow_analyzer
|
Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename.
|
CWE-22
Path Traversal
|
CVE-2014-9373
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
