|
280701
|
- |
|
cisco
|
emergency_responder
|
Multiple cross-site request forgery (CSRF) vulnerabilities in CERUserServlet pages in Cisco Emergency Responder (ER) 8.6 and earlier allow remote attackers to hijack the authentication of arbitrary u…
|
CWE-352
Origin Validation Error
|
CVE-2014-2115
|
2024-11-21 11:05 |
2014-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280702
|
- |
|
cisco
|
emergency_responder
|
Cross-site scripting (XSS) vulnerability in UserServlet in Cisco Emergency Responder (ER) 8.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, …
|
CWE-79
Cross-site Scripting
|
CVE-2014-2114
|
2024-11-21 11:05 |
2014-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280703
|
- |
|
cisco
|
security_manager
|
CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL,…
|
CWE-20
Improper Input Validation
|
CVE-2014-2138
|
2024-11-21 11:05 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280704
|
- |
|
cisco
|
web_security_appliance
web_security_virtual_appliance
|
CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a …
|
CWE-20
Improper Input Validation
|
CVE-2014-2137
|
2024-11-21 11:05 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280705
|
- |
|
cisco
|
unity_connection
|
Cross-site scripting (XSS) vulnerability in the Web Inbox in Cisco Unity Connection 8.6(2a)SU3 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter,…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2125
|
2024-11-21 11:05 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280706
|
- |
|
pearson
|
esis_enterprise_student_information_system
|
Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise Student Information System allows remote attackers to inject arbitrary web script or HTML via unspeci…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1942
|
2024-11-21 11:05 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280707
|
- |
|
posh_project
|
posh
|
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, w…
|
CWE-255
Credentials Management
|
CVE-2014-2212
|
2024-11-21 11:05 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280708
|
- |
|
openstack
|
keystone
|
The memcache token backend in OpenStack Identity (Keystone) 2013.1 through 2.013.1.4, 2013.2 through 2013.2.2, and icehouse before icehouse-3, when issuing a trust token with impersonation enabled, d…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2237
|
2024-11-21 11:05 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280709
|
- |
|
xen
|
xen
|
The (1) do_send and (2) do_recv functions in io.c in libvchan in Xen 4.2.x, 4.3.x, and 4.4-RC series allows local guests to cause a denial of service or possibly gain privileges via crafted xenstore …
|
CWE-20
Improper Input Validation
|
CVE-2014-1896
|
2024-11-21 11:05 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280710
|
- |
|
xen
|
xen
|
Off-by-one error in the flask_security_avc_cachestats function in xsm/flask/flask_op.c in Xen 4.2.x and 4.3.x, when the maximum number of physical CPUs are in use, allows local users to cause a denia…
|
CWE-189
Numeric Errors
|
CVE-2014-1895
|
2024-11-21 11:05 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
