|
277151
|
6.1 |
MEDIUM
Network
|
subscribe2_project
|
subscribe2
|
Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip param…
|
CWE-79
Cross-site Scripting
|
CVE-2014-6604
|
2024-11-21 11:14 |
2018-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277152
|
9.8 |
CRITICAL
Network
|
industrial.softing
|
fg-100_pb_profibus_firmware
|
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2014-6617
|
2024-11-21 11:14 |
2018-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277153
|
9.8 |
CRITICAL
Network
|
aztech
|
adsl_dsl5018en_\(1t1r\)_firmware
dsl705e_firmware
dsl705eu_firmware
|
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.
|
CWE-200
Information Exposure
|
CVE-2014-6437
|
2024-11-21 11:14 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277154
|
9.8 |
CRITICAL
Network
|
aztech
|
adsl_dsl5018en_\(1t1r\)_firmware
dsl705e_firmware
dsl705eu_firmware
|
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary com…
|
CWE-287
Improper Authentication
|
CVE-2014-6436
|
2024-11-21 11:14 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277155
|
7.5 |
HIGH
Network
|
aztech
|
adsl_dsl5018en_\(1t1r\)_firmware
dsl705e_firmware
dsl705eu_firmware
|
cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity r…
|
CWE-287
Improper Authentication
|
CVE-2014-6435
|
2024-11-21 11:14 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277156
|
7.5 |
HIGH
Network
|
ruby-lang
|
ruby
|
The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or applica…
|
CWE-399
Resource Management Errors
|
CVE-2014-6438
|
2024-11-21 11:14 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277157
|
6.1 |
MEDIUM
Network
|
openjsf
|
express
|
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduc…
|
CWE-79
Cross-site Scripting
|
CVE-2014-6393
|
2024-11-21 11:14 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277158
|
7.5 |
HIGH
Network
|
microsoft
|
internet_explorer
|
Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 allows remote attackers to execute arbitrary code.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-6354
|
2024-11-21 11:14 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277159
|
9.8 |
CRITICAL
Network
|
videolan
|
vlc
|
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-6440
|
2024-11-21 11:14 |
2017-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277160
|
4.3 |
MEDIUM
Network
|
roundup-tracker
debian
|
roundup
debian_linux
|
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-6276
|
2024-11-21 11:14 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
