|
282431
|
- |
|
strangerstudios
|
paid_memberships_pro
|
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUER…
|
CWE-22
Path Traversal
|
CVE-2014-8801
|
2024-11-21 11:19 |
2014-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282432
|
- |
|
dukapress
|
dukapress
|
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (do…
|
CWE-22
Path Traversal
|
CVE-2014-8799
|
2024-11-21 11:19 |
2014-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282433
|
- |
|
xavoc
|
xepan_cms
|
Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests t…
|
CWE-352
Origin Validation Error
|
CVE-2014-8429
|
2024-11-21 11:19 |
2014-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282434
|
- |
|
arris
|
vap2500_firmware
|
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.
|
CWE-200
Information Exposure
|
CVE-2014-8425
|
2024-11-21 11:19 |
2014-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282435
|
- |
|
arris
|
vap2500_firmware
|
ARRIS VAP2500 before FW08.41 does not properly validate passwords, which allows remote attackers to bypass authentication.
|
CWE-287
Improper Authentication
|
CVE-2014-8424
|
2024-11-21 11:19 |
2014-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282436
|
- |
|
arris
|
vap2500_firmware
|
Unspecified vulnerability in the management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to execute arbitrary commands via unknown vectors.
|
CWE-74
Injection
|
CVE-2014-8423
|
2024-11-21 11:19 |
2014-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282437
|
- |
|
wibu
|
codemeter_runtime
|
Wibu-Systems CodeMeter Runtime before 5.20 uses weak permissions (read and write access for all users) for codemeter.exe, which allows local users to gain privileges via a Trojan horse file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8419
|
2024-11-21 11:19 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282438
|
- |
|
siemens
|
simatic_tiaportal
simatic_wincc
simatic_pcs7
simatic_pcs_7
|
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 all…
|
CWE-200
Information Exposure
|
CVE-2014-8552
|
2024-11-21 11:19 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282439
|
- |
|
siemens
|
simatic_tiaportal
simatic_wincc
simatic_pcs7
simatic_pcs_7
|
The WinCC server in Siemens SIMATIC WinCC 7.0 through SP3, 7.2 before Update 9, and 7.3 before Update 2; SIMATIC PCS 7 7.1 through SP4, 8.0 through SP2, and 8.1; and TIA Portal 13 before Update 6 all…
|
CWE-94
Code Injection
|
CVE-2014-8551
|
2024-11-21 11:19 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282440
|
- |
|
manageengine
|
oputils
|
The ConfigSaveServlet servlet in ManageEngine OpUtils before build 71024 allows remote attackers to "disclose" files via a crafted filename, related to "saveFile."
|
CWE-200
Information Exposure
|
CVE-2014-8678
|
2024-11-21 11:19 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
