|
277651
|
- |
|
zenoss
|
zenoss_core
|
Zenoss Core through 5 Beta 3 stores cleartext passwords in the session database, which might allow local users to obtain sensitive information by reading database entries, aka ZEN-15416.
|
CWE-200
Information Exposure
|
CVE-2014-9252
|
2024-11-21 11:20 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277652
|
- |
|
zenoss
|
zenoss_core
|
Zenoss Core through 5 Beta 3 uses a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-force attack on hash values in the d…
|
CWE-255
Credentials Management
|
CVE-2014-9251
|
2024-11-21 11:20 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277653
|
- |
|
zenoss
|
zenoss_core
|
Zenoss Core through 5 Beta 3 does not include the HTTPOnly flag in a Set-Cookie header for the authentication cookie, which makes it easier for remote attackers to obtain credential information via s…
|
CWE-200
Information Exposure
|
CVE-2014-9250
|
2024-11-21 11:20 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277654
|
- |
|
zenoss
|
zenoss_core
|
The default configuration of Zenoss Core before 5 allows remote attackers to read or modify database information by connecting to unspecified open ports, aka ZEN-15408.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9249
|
2024-11-21 11:20 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277655
|
- |
|
zenoss
|
zenoss_core
|
Zenoss Core through 5 Beta 3 does not require complex passwords, which makes it easier for remote attackers to obtain access via a brute-force attack, aka ZEN-15406.
|
CWE-255
Credentials Management
|
CVE-2014-9248
|
2024-11-21 11:20 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277656
|
- |
|
zenoss
|
zenoss_core
|
Zenoss Core through 5 Beta 3 allows remote authenticated users to obtain sensitive (1) user account, (2) e-mail address, and (3) role information by visiting the ZenUsers (aka User Manager) page, aka…
|
CWE-200
Information Exposure
|
CVE-2014-9247
|
2024-11-21 11:20 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277657
|
- |
|
zenoss
|
zenoss_core
|
Zenoss Core through 5 Beta 3 allows remote attackers to obtain sensitive information by attempting a product-rename action with an invalid new name and then reading a stack trace, as demonstrated by …
|
CWE-200
Information Exposure
|
CVE-2014-9245
|
2024-11-21 11:20 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277658
|
- |
|
microsoft
|
internet_explorer
|
Use-after-free vulnerability in Microsoft Internet Explorer allows remote attackers to execute arbitrary code via a crafted HTML document in conjunction with a Cascading Style Sheets (CSS) token sequ…
|
NVD-CWE-Other
|
CVE-2014-8967
|
2024-11-21 11:20 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277659
|
- |
|
digium
|
certified_asterisk
asterisk
|
Double free vulnerability in the WebSocket Server (res_http_websocket module) in Asterisk Open Source 11.x before 11.14.2, 12.x before 12.7.2, and 13.x before 13.0.2 and Certified Asterisk 11.6 befor…
|
NVD-CWE-Other
|
CVE-2014-9374
|
2024-11-21 11:20 |
2014-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277660
|
- |
|
k7computing
|
k7av_sentry_device_driver
|
Stack-based buffer overflow in the K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to execute arbitrar…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-8956
|
2024-11-21 11:20 |
2014-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
