|
277841
|
- |
|
qnap
|
ts-469u_firmware
ts-469u
ts-ec1679u-rp_firmware
ts-ec1679u-rp
ts-459u_firmware
ts-459u
ss-839_firmware
ss-839
|
QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed pass…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5457
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277842
|
- |
|
social_stats_project
|
social_stats
|
Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5456
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277843
|
- |
|
privatetunnel
openvpn
|
privatetunnel
openvpn
|
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2014-5455
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277844
|
- |
|
sas
|
visual_analytics
|
Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable exte…
|
NVD-CWE-Other
|
CVE-2014-5454
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277845
|
- |
|
ubi
|
uplay_pc
|
Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privil…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5453
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277846
|
7.5 |
HIGH
Network
|
tripodworks
|
gigapod_officehard_firmware
gigapod_2010_firmware
gigapod_3_firmware
|
GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation.
8001/tcp is served by a versio…
|
NVD-CWE-noinfo
|
CVE-2014-5329
|
2024-11-21 11:11 |
2023-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277847
|
9.8 |
CRITICAL
Network
|
redhat
|
ansible
|
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as d…
|
CWE-74
Injection
|
CVE-2014-4967
|
2024-11-21 11:11 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277848
|
9.8 |
CRITICAL
Network
|
redhat
|
ansible
|
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code …
|
CWE-74
Injection
|
CVE-2014-4966
|
2024-11-21 11:11 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277849
|
9.8 |
CRITICAL
Network
|
xorux
|
lpar2rrd
|
LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters.
|
CWE-78
OS Command
|
CVE-2014-4981
|
2024-11-21 11:11 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277850
|
8.8 |
HIGH
Network
|
boatmob
|
boat_browser
|
The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web sit…
|
NVD-CWE-noinfo
|
CVE-2014-4968
|
2024-11-21 11:11 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
