|
277861
|
- |
|
bmc
|
track-it\!
|
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configur…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2014-4872
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277862
|
- |
|
cryoserver
|
cryoserver_security_appliance
|
Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4867
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277863
|
- |
|
mit
|
kerberos_5
|
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows r…
|
CWE-255
Credentials Management
|
CVE-2014-5351
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277864
|
- |
|
x2engine
|
x2engine
|
FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5298
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277865
|
- |
|
x2engine
|
x2engine
|
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSR…
|
CWE-94
Code Injection
|
CVE-2014-5297
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277866
|
- |
|
gnupg
debian
|
libgcrypt
debian_linux
|
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers …
|
CWE-200
Information Exposure
|
CVE-2014-5270
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277867
|
- |
|
adaptivecomputing
|
moab
|
Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticat…
|
CWE-20
Improper Input Validation
|
CVE-2014-5376
|
2024-11-21 11:11 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277868
|
- |
|
adaptivecomputing
|
moab
|
The server in Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 does not properly validate the message owner matches the submitting user, which allows remote authenticated users to impersonate …
|
CWE-20
Improper Input Validation
|
CVE-2014-5375
|
2024-11-21 11:11 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277869
|
- |
|
adaptivecomputing
|
moab
|
Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0 allows remote attackers to bypass the signature check, impersonate arbitrary users, and execute commands via a message without a signature.
|
CWE-287
Improper Authentication
|
CVE-2014-5300
|
2024-11-21 11:11 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277870
|
- |
|
testlink
|
testlink
|
Multiple SQL injection vulnerabilities in TestLink 1.9.11 allow remote authenticated users to execute arbitrary SQL commands via the (1) name parameter in a Search action to lib/project/projectView.p…
|
CWE-89
SQL Injection
|
CVE-2014-5308
|
2024-11-21 11:11 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
