|
282401
|
4.9 |
MEDIUM
Network
|
oracle
openbsd
|
communications_user_data_repository
openssh
|
sshd in OpenSSH before 6.6 does not properly support wildcards on AcceptEnv lines in sshd_config, which allows remote attackers to bypass intended environment restrictions by using a substring locate…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2532
|
2024-11-21 11:06 |
2014-03-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282402
|
- |
|
lighttpd
debian
opensuse
suse
contec
|
lighttpd
debian_linux
opensuse
linux_enterprise_software_development_kit
linux_enterprise_high_availability_extension
sv-cpt-mc310_firmware
|
Multiple directory traversal vulnerabilities in (1) mod_evhost and (2) mod_simple_vhost in lighttpd before 1.4.35 allow remote attackers to read arbitrary files via a .. (dot dot) in the host name, r…
|
CWE-22
Path Traversal
|
CVE-2014-2324
|
2024-11-21 11:06 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282403
|
9.8 |
CRITICAL
Network
|
lighttpd
debian
opensuse
suse
|
lighttpd
debian_linux
opensuse
linux_enterprise_software_development_kit
linux_enterprise_high_availability_extension
|
SQL injection vulnerability in mod_mysql_vhost.c in lighttpd before 1.4.35 allows remote attackers to execute arbitrary SQL commands via the host name, related to request_check_hostname.
|
CWE-89
SQL Injection
|
CVE-2014-2323
|
2024-11-21 11:06 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282404
|
- |
|
juniper
|
ive_os
|
Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before…
|
NVD-CWE-noinfo
|
CVE-2014-2292
|
2024-11-21 11:06 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282405
|
- |
|
juniper
|
ive_os
|
Cross-site scripting (XSS) vulnerability in the Pulse Collaboration (Secure Meeting) user pages in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2291
|
2024-11-21 11:06 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282406
|
- |
|
proxmox
|
mail_gateway
|
Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/in…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2325
|
2024-11-21 11:06 |
2014-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282407
|
- |
|
powerarchiver
|
powerarchiver
|
The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to o…
|
CWE-310
Cryptographic Issues
|
CVE-2014-2319
|
2024-11-21 11:06 |
2014-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282408
|
- |
|
modx
|
modx_revolution
|
SQL injection vulnerability in modx.class.php in MODX Revolution 2.0.0 before 2.2.13 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2014-2311
|
2024-11-21 11:06 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282409
|
- |
|
zte
|
f460
f660
|
web_shell_cmd.gch on ZTE F460 and F660 cable modems allows remote attackers to obtain administrative access via sendcmd requests, as demonstrated by using "set TelnetCfg" commands to enable a TELNET …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2321
|
2024-11-21 11:06 |
2014-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282410
|
- |
|
linux
opensuse
suse
|
linux_kernel
opensuse
linux_enterprise_server
|
The ip6_route_add function in net/ipv6/route.c in the Linux kernel through 3.13.6 does not properly count the addition of routes, which allows remote attackers to cause a denial of service (memory co…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-2309
|
2024-11-21 11:06 |
2014-03-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
