|
281761
|
7.5 |
HIGH
Network
|
makerbot
|
replicator_5th_generation_firmware
|
The MakerBot Replicator 5G printer runs an Apache HTTP Server with directory indexing enabled. Apache logs, system logs, design files (i.e., a history of print files), and more are exposed to unauthe…
|
CWE-200
Information Exposure
|
CVE-2014-9699
|
2024-11-21 11:21 |
2019-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281762
|
6.1 |
MEDIUM
Network
|
bilboplanet
|
bilboplanet
|
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the fullname parameter to signup.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9919
|
2024-11-21 11:21 |
2019-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281763
|
6.1 |
MEDIUM
Network
|
bilboplanet
|
bilboplanet
|
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9918
|
2024-11-21 11:21 |
2019-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281764
|
6.1 |
MEDIUM
Network
|
bilboplanet
|
bilboplanet
|
An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9917
|
2024-11-21 11:21 |
2019-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281765
|
4.9 |
MEDIUM
Network
|
unify
|
openstage_sip
openscape_desk_phone_ip_sip
|
CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated user…
|
CWE-93
CRLF Injection
|
CVE-2014-9563
|
2024-11-21 11:21 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281766
|
7.5 |
HIGH
Network
|
open_atrium_project
|
open_atrium
|
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.
|
CWE-284
Improper Access Control
|
CVE-2014-9504
|
2024-11-21 11:21 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281767
|
6.5 |
MEDIUM
Network
|
open_atrium_project
|
open_atrium
|
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging imp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9503
|
2024-11-21 11:21 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281768
|
8.8 |
HIGH
Network
|
open_atrium_project
|
open_atrium
|
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication …
|
CWE-352
Origin Validation Error
|
CVE-2014-9502
|
2024-11-21 11:21 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281769
|
5.5 |
MEDIUM
Local
|
minizip_project
|
minizip
|
Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry…
|
CWE-22
Path Traversal
|
CVE-2014-9485
|
2024-11-21 11:21 |
2018-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281770
|
9.8 |
CRITICAL
Network
|
dozer_project
|
dozer
|
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2014-9515
|
2024-11-21 11:21 |
2017-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
