|
281241
|
- |
|
cisco
|
spa_512g_1-line_ip_phone
spa941_4-line_ip_phone_with_1-port_ethernet
spa_504g_4-line_ip_phone
spa_525g_5-line_ip_phone
spa_301_1_line_ip_phone
spa962_6-line_ip_phone_with_2-port_switch…
|
The debug console interface on Cisco Small Business SPA300 and SPA500 phones does not properly perform authentication, which allows local users to execute arbitrary debug-shell commands, or read or m…
|
CWE-287
Improper Authentication
|
CVE-2014-3312
|
2024-11-21 11:07 |
2014-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281242
|
- |
|
avg
|
safeguard
secure_search_toolbar
|
ScriptHelperApi in the AVG ScriptHelper ActiveX control in ScriptHelper.exe in AVG Secure Search toolbar before 18.1.7.598 and AVG Safeguard before 18.1.7.644 does not implement domain-based access c…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2956
|
2024-11-21 11:07 |
2014-07-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281243
|
- |
|
cisco
|
ios_xr
asr_9000_rsp440_router
asr_9001
asr_9006
asr_9010
asr_9904
asr_9912
asr_9922
|
Cisco IOS XR on Trident line cards in ASR 9000 devices lacks a static punt policer, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted packets, aka B…
|
CWE-20
Improper Input Validation
|
CVE-2014-3308
|
2024-11-21 11:07 |
2014-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281244
|
- |
|
cisco
|
unified_communications_domain_manager
unified_cdm_application_software
|
The BVSMWeb portal in the web framework in Cisco Unified Communications Domain Manager (CDM) in Unified CDM Application Software before 10 does not properly implement access control, which allows rem…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3300
|
2024-11-21 11:07 |
2014-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281245
|
- |
|
realnetworks
|
realplayer
|
Multiple buffer overflows in RealNetworks RealPlayer before 17.0.10.8 allow remote attackers to execute arbitrary code via a malformed (1) elst or (2) stsz atom in an MP4 file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3113
|
2024-11-21 11:07 |
2014-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281246
|
- |
|
netgear
|
gs108pe_firmware
gs108pe
|
NETGEAR GS108PE Prosafe Plus switches with firmware 1.2.0.5 have a hardcoded password of debugpassword for the ntgruser account, which allows remote attackers to upload firmware or read or modify mem…
|
CWE-255
Credentials Management
|
CVE-2014-2969
|
2024-11-21 11:07 |
2014-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281247
|
- |
|
autodesk
|
vred
|
Autodesk VRED Professional 2014 before SR1 SP8 allows remote attackers to execute arbitrary code via Python os library calls in Python API commands to the integrated web server.
|
CWE-78
OS Command
|
CVE-2014-2967
|
2024-11-21 11:07 |
2014-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281248
|
- |
|
invisionpower
invisioncommunity
|
ip.nexus
invision_power_board
|
Cross-site scripting (XSS) vulnerability in Invision Power IP.Board (aka IPB or Power Board) 3.3.x and 3.4.x through 3.4.6, as downloaded before 20140424, or IP.Nexus 1.5.x through 1.5.9, as download…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3149
|
2024-11-21 11:07 |
2014-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281249
|
- |
|
spamtitan
|
spamtitan
|
Cross-site scripting (XSS) vulnerability in auth-settings-x.php in SpamTitan before 6.04 allows remote attackers to inject arbitrary web script or HTML via the sortdir parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-2965
|
2024-11-21 11:07 |
2014-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281250
|
- |
|
cisco
|
universal_small_cell_series_firmware
|
The DHCP client implementation in Universal Small Cell firmware on Cisco Small Cell products allows remote attackers to execute arbitrary commands via crafted DHCP messages, aka Bug ID CSCup47513.
|
NVD-CWE-Other
|
CVE-2014-3307
|
2024-11-21 11:07 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
