|
277931
|
5.4 |
MEDIUM
Network
|
telescopeapp
|
telescope
|
Cross-site scripting (XSS) vulnerability in Telescope before 0.9.3 allows remote authenticated users to inject arbitrary web script or HTML via crafted markdown.
|
CWE-79
Cross-site Scripting
|
CVE-2014-5144
|
2024-11-21 11:11 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277932
|
9.8 |
CRITICAL
Network
|
snoopy
redhat
nagios
|
snoopy
openstack
nagios
|
Snoopy allows remote attackers to execute arbitrary commands. NOTE: this vulnerability exists due to an incomplete fix for CVE-2014-5008.
|
CWE-77
Command Injection
|
CVE-2014-5009
|
2024-11-21 11:11 |
2017-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277933
|
9.8 |
CRITICAL
Network
|
snoopy
redhat
debian
|
snoopy
openstack
debian_linux
|
Snoopy allows remote attackers to execute arbitrary commands.
|
CWE-77
Command Injection
|
CVE-2014-5008
|
2024-11-21 11:11 |
2017-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277934
|
6.8 |
MEDIUM
Network
|
eucalyptus
|
eucalyptus
|
HP Helion Eucalyptus 4.1.x before 4.1.2 and HPE Helion Eucalyptus 4.2.x before 4.2.1 allow remote authenticated users to bypass intended access restrictions and modify arbitrary (1) access key creden…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5040
|
2024-11-21 11:11 |
2016-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277935
|
3.7 |
LOW
Network
|
toshiba
|
4690_operating_system
|
Toshiba 4690 Operating System 6 Release 3, when the ADXSITCF logical name is not properly restricted, allows remote attackers to read potentially sensitive system environment variables via a crafted …
|
CWE-200
Information Exposure
|
CVE-2014-4876
|
2024-11-21 11:11 |
2015-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277936
|
- |
|
hospira
|
lifecare_pcainfusion_firmware
|
The Hospira LifeCare PCA Infusion System before 7.0 does not validate network traffic associated with sending a (1) drug library, (2) software update, or (3) configuration change, which allows remote…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2014-5406
|
2024-11-21 11:11 |
2015-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277937
|
- |
|
toshiba
|
chec
|
CreateBossCredentials.jar in Toshiba CHEC before 6.6 build 4014 and 6.7 before build 4329 contains a hardcoded AES key, which allows attackers to discover Back Office System Server (BOSS) DB2 databas…
|
CWE-255
CWE-200
Credentials Management
Information Exposure
|
CVE-2014-4875
|
2024-11-21 11:11 |
2015-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277938
|
- |
|
aptexx
|
resident_anywhere
|
Aptexx Resident Anywhere does not require authentication, which allows remote attackers to obtain sensitive information or modify data via a direct request.
|
CWE-287
Improper Authentication
|
CVE-2014-4882
|
2024-11-21 11:11 |
2015-06-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277939
|
- |
|
new_atlanta
|
bluedragon
|
Directory traversal vulnerability in the CFChart servlet (com.naryx.tagfusion.cfm.cfchartServlet) in New Atlanta BlueDragon before 7.1.1.18527 allows remote attackers to read or possibly delete arbit…
|
CWE-22
Path Traversal
|
CVE-2014-5370
|
2024-11-21 11:11 |
2015-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277940
|
- |
|
landesk
|
landesk_management_suite
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Landesk Management Suite 9.6 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) star…
|
CWE-352
Origin Validation Error
|
CVE-2014-5361
|
2024-11-21 11:11 |
2015-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
