|
277531
|
- |
|
cyberoam
|
cyberoam_os
|
SQL injection vulnerability in the Guest Login Portal in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary SQL commands via the add_guest_us…
|
CWE-89
SQL Injection
|
CVE-2014-5503
|
2024-11-21 11:12 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277532
|
- |
|
cyberoam
|
cyberoam_os
|
The Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote authenticated users to inject arbitrary commands via a (1) checkcert_key, (2) webclient_portal_settings, (3) sslvpn_liveu…
|
CWE-78
OS Command
|
CVE-2014-5502
|
2024-11-21 11:12 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277533
|
- |
|
cyberoam
|
cyberoam_os
|
Stack-based buffer overflow in the diagnose service in the Sophos Cyberoam appliances with CyberoamOS before 10.6.1 GA allows remote attackers to execute arbitrary code via a crafted webpage or file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5501
|
2024-11-21 11:12 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277534
|
- |
|
yorba
|
geary
|
Geary before 0.6.3 does not present the user with a warning when a TLS certificate error is detected, which makes it easier for remote attackers to conduct man-in-the-middle attacks via a crafted cer…
|
CWE-310
Cryptographic Issues
|
CVE-2014-5444
|
2024-11-21 11:12 |
2014-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277535
|
- |
|
php
oracle
opensuse
|
php
solaris
evergreen
opensuse
|
The PEAR_REST class in REST.php in PEAR in PHP through 5.6.0 allows local users to write to arbitrary files via a symlink attack on a (1) rest.cachefile or (2) rest.cacheid file in /tmp/pear/cache/, …
|
CWE-59
Link Following
|
CVE-2014-5459
|
2024-11-21 11:12 |
2014-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277536
|
- |
|
geniuscloud
|
smart_browser
|
The Smart Browser (aka smartbrowser.geniuscloud) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain …
|
CWE-310
Cryptographic Issues
|
CVE-2014-5809
|
2024-11-21 11:12 |
2014-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277537
|
- |
|
mr384
|
mzone_login
|
The Mzone Login (aka com.mr384.MzoneLogin) application 1.2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sens…
|
CWE-310
Cryptographic Issues
|
CVE-2014-5665
|
2024-11-21 11:12 |
2014-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277538
|
- |
|
schneider-electric
aveva
|
scada_expert_clearscada
clearscada
|
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 uses the MD5 algorithm for an X.509 certificate, which makes it easier for remote attackers to spoof servers via a cryp…
|
CWE-310
Cryptographic Issues
|
CVE-2014-5413
|
2024-11-21 11:12 |
2014-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277539
|
- |
|
schneider-electric
aveva
|
scada_expert_clearscada
clearscada
|
Schneider Electric StruxureWare SCADA Expert ClearSCADA 2010 R3 through 2014 R1 allows remote attackers to read database records by leveraging access to the guest account.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5412
|
2024-11-21 11:12 |
2014-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277540
|
- |
|
fatfreecrm
|
fat_free_crm
|
Multiple cross-site scripting (XSS) vulnerabilities in app/views/layouts/application.html.haml in Fat Free CRM before 0.13.3 allow remote attackers to inject arbitrary web script or HTML via the (1) …
|
CWE-79
Cross-site Scripting
|
CVE-2014-5441
|
2024-11-21 11:12 |
2014-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
