|
278101
|
- |
|
openstack
canonical
|
keystone
ubuntu_linux
|
The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the tok…
|
CWE-255
Credentials Management
|
CVE-2014-5252
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278102
|
- |
|
openstack
canonical
|
keystone
ubuntu_linux
|
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for to…
|
CWE-255
Credentials Management
|
CVE-2014-5251
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278103
|
- |
|
php
|
php
|
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via …
|
CWE-20
Improper Input Validation
|
CVE-2014-5120
|
2024-11-21 11:11 |
2014-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278104
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attacke…
|
CWE-20
Improper Input Validation
|
CVE-2014-5243
|
2024-11-21 11:11 |
2014-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278105
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5242
|
2024-11-21 11:11 |
2014-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278106
|
- |
|
mediawiki
|
mediawiki
|
The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restr…
|
CWE-352
Origin Validation Error
|
CVE-2014-5241
|
2024-11-21 11:11 |
2014-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278107
|
- |
|
schrack
|
technik_microcontrol_firmware
technik_microcontrol
|
The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access …
|
NVD-CWE-Other
|
CVE-2014-5396
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278108
|
- |
|
wp_content_source_control_project
|
wp_content_source_control
|
Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows re…
|
CWE-22
Path Traversal
|
CVE-2014-5368
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278109
|
- |
|
check_mk_project
|
check_mk
|
Multiple cross-site scripting (XSS) vulnerabilities in the multisite component in Check_MK before 1.2.4p4 and 1.2.5 before 1.2.5i4 allow remote authenticated users to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5338
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278110
|
- |
|
cacti
|
cacti
|
SQL injection vulnerability in the graph settings script (graph_settings.php) in Cacti 0.8.8b and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2014-5262
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
