|
281581
|
5.3 |
MEDIUM
Network
|
proxmox
|
virtual_environment
|
Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2014-4156
|
2024-11-21 11:09 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281582
|
9.8 |
CRITICAL
Network
|
apereo
debian
fedoraproject
|
.net_cas_client
java_cas_client
phpcas
debian_linux
fedora
|
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before…
|
CWE-74
Injection
|
CVE-2014-4172
|
2024-11-21 11:09 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281583
|
6.1 |
MEDIUM
Network
|
bssys
|
rbs_bs-client
|
Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-4196
|
2024-11-21 11:09 |
2020-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281584
|
6.1 |
MEDIUM
Network
|
ulli_horlacher
|
fex
|
The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks
|
CWE-79
Cross-site Scripting
|
CVE-2014-3875
|
2024-11-21 11:09 |
2019-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281585
|
5.5 |
MEDIUM
Local
|
s48
|
scheme48
|
The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp.
|
CWE-59
Link Following
|
CVE-2014-4150
|
2024-11-21 11:09 |
2018-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281586
|
8.1 |
HIGH
Network
|
horde
|
horde_ldap
|
The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN.
|
CWE-287
Improper Authentication
|
CVE-2014-3999
|
2024-11-21 11:09 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281587
|
9.8 |
CRITICAL
Network
|
opencart
|
opencart
|
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External …
|
CWE-611
CWE-918
XXE
Server-Side Request Forgery (SSRF)
|
CVE-2014-3990
|
2024-11-21 11:09 |
2018-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281588
|
5.9 |
MEDIUM
Network
|
f5
|
big-ip_local_traffic_manager
big-ip_application_acceleration_manager
big-ip_advanced_firewall_manager
big-ip_analytics
big-ip_access_policy_manager
big-ip_application_security_manager<…
|
SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used…
|
CWE-200
Information Exposure
|
CVE-2014-4024
|
2024-11-21 11:09 |
2018-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281589
|
5.3 |
MEDIUM
Network
|
apexis
|
apm-j601-ws_firmware
|
Directory traversal vulnerability in Apexis APM-J601-WS cameras with firmware before 17.35.2.49 allows remote attackers to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2014-3972
|
2024-11-21 11:09 |
2018-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281590
|
7.5 |
HIGH
Network
|
microsoft
|
internet_explorer
|
Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vuln…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-4145
|
2024-11-21 11:09 |
2018-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
