|
277901
|
8.8 |
HIGH
Network
|
boot2docker
|
boot2docker
|
boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication.
|
CWE-352
Origin Validation Error
|
CVE-2014-5280
|
2024-11-21 11:11 |
2018-02-07 |
|
277902
|
8.8 |
HIGH
Network
|
boot2docker
|
boot2docker
|
The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitr…
|
CWE-284
Improper Access Control
|
CVE-2014-5279
|
2024-11-21 11:11 |
2018-02-07 |
|
277903
|
5.4 |
MEDIUM
Network
|
oxid-esales
|
eshop
|
OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4919
|
2024-11-21 11:11 |
2018-01-20 |
|
277904
|
8.8 |
HIGH
Network
|
microsemi
|
s350i_firmware
|
Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5070
|
2024-11-21 11:11 |
2018-01-12 |
|
277905
|
7.5 |
HIGH
Network
|
microsemi
|
s350i_firmware
|
Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot backslash) …
|
CWE-22
Path Traversal
|
CVE-2014-5068
|
2024-11-21 11:11 |
2018-01-12 |
|
277906
|
7.8 |
HIGH
Local
|
brbackup_project
|
brbackup
|
lib/brbackup.rb in the brbackup gem 0.1.1 for Ruby places the database password on the mysql command line, which allows local users to obtain sensitive information by listing the process.
|
CWE-200
Information Exposure
|
CVE-2014-5004
|
2024-11-21 11:11 |
2018-01-11 |
|
277907
|
5.5 |
MEDIUM
Local
|
ciborg_project
|
ciborg
|
chef/travis-cookbooks/ci_environment/perlbrew/recipes/default.rb in the ciborg gem 3.0.0 for Ruby allows local users to write to arbitrary files and gain privileges via a symlink attack on /tmp/perlb…
|
CWE-20
Improper Input Validation
|
CVE-2014-5003
|
2024-11-21 11:11 |
2018-01-11 |
|
277908
|
7.8 |
HIGH
Local
|
lynx_project
|
lynx
|
The lynx gem before 1.0.0 for Ruby places the configured password on command lines, which allows local users to obtain sensitive information by listing processes.
|
CWE-255
Credentials Management
|
CVE-2014-5002
|
2024-11-21 11:11 |
2018-01-11 |
|
277909
|
7.8 |
HIGH
Local
|
kcapifony_project
|
kcapifony
|
lib/ksymfony1.rb in the kcapifony gem 2.1.6 for Ruby places database user passwords on the (1) mysqldump, (2) pg_dump, (3) mysql, and (4) psql command lines, which allows local users to obtain sensit…
|
CWE-200
Information Exposure
|
CVE-2014-5001
|
2024-11-21 11:11 |
2018-01-11 |
|
277910
|
7.8 |
HIGH
Local
|
lawn-login_project
|
lawn-login
|
The login function in lib/lawn.rb in the lawn-login gem 0.0.7 for Ruby places credentials on the curl command line, which allows local users to obtain sensitive information by listing the process.
|
CWE-200
Information Exposure
|
CVE-2014-5000
|
2024-11-21 11:11 |
2018-01-11 |