|
276651
|
- |
|
arris
|
touchstone_tg862g\/ct_firmware
|
ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access…
|
CWE-255
Credentials Management
|
CVE-2014-9406
|
2024-11-21 11:20 |
2014-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276652
|
- |
|
mantisbt
|
mantisbt
|
bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.
|
CWE-284
Improper Access Control
|
CVE-2014-9388
|
2024-11-21 11:20 |
2014-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276653
|
- |
|
sap
|
businessobjects
|
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and gain privileges via a crafted CORBA call, aka SAP Note 2039905.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9387
|
2024-11-21 11:20 |
2014-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276654
|
- |
|
dokuwiki
mageia
|
dokuwiki
mageia
|
The default file type whitelist configuration in conf/mime.conf in the Media Manager in DokuWiki before 2014-09-29b allows remote attackers to execute arbitrary web script or HTML by uploading an SWF…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9253
|
2024-11-21 11:20 |
2014-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276655
|
7.8 |
HIGH
Local
|
linux
redhat
canonical
opensuse
suse
google
|
linux_kernel
enterprise_linux_eus
ubuntu_linux
evergreen
suse_linux_enterprise_server
android
|
arch/x86/kernel/entry_64.S in the Linux kernel before 3.17.5 does not properly handle faults associated with the Stack Segment (SS) segment register, which allows local users to gain privileges by tr…
|
CWE-269
Improper Privilege Management
|
CVE-2014-9322
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276656
|
- |
|
manageengine
|
netflow_analyzer
|
Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename.
|
CWE-22
Path Traversal
|
CVE-2014-9373
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276657
|
- |
|
manageengine
|
password_manager_pro
|
Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in…
|
CWE-22
Path Traversal
|
CVE-2014-9372
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276658
|
- |
|
zohocorp
|
manageengine_desktop_central
|
The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.
|
CWE-20
Improper Input Validation
|
CVE-2014-9371
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276659
|
- |
|
docker
|
docker
|
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation o…
|
CWE-20
Improper Input Validation
|
CVE-2014-9358
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276660
|
- |
|
docker
|
docker
|
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive ex…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9357
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
