| 277861 | 6.8 | MEDIUM Physical | tianocore | edk2 | Multiple integer overflows in the Pre-EFI Initialization (PEI) boot phase in the Capsule Update feature in the UEFI implementation in EDK2 allow physically proximate attackers to bypass intended acce… | CWE-190 Integer Overflow or Wraparound | CVE-2014-4860 | 2024-11-21 11:11 | 2020-02-1 |
| 277862 | 6.8 | MEDIUM Physical | tianocore | edk2 | Integer overflow in the Drive Execution Environment (DXE) phase in the Capsule Update feature in the UEFI implementation in EDK2 allows physically proximate attackers to bypass intended access restri… | CWE-190 Integer Overflow or Wraparound | CVE-2014-4859 | 2024-11-21 11:11 | 2020-02-1 |
| 277863 | 9.8 | CRITICAL Network | zohocorp | manageengine_desktop_central manageengine_desktop_central_managed_service_providers | Directory traversal vulnerability in the agentLogUploader servlet in ZOHO ManageEngine Desktop Central (DC) and Desktop Central Managed Service Providers (MSP) edition before 9 build 90055 allows rem… | CWE-22 Path Traversal | CVE-2014-5007 | 2024-11-21 11:11 | 2020-01-18 |
| 277864 | 7.8 | HIGH Local | open-xchange | open-xchange_appsuite | XML external entity (XXE) vulnerability in Open-Xchange (OX) AppSuite before 7.4.2-rev11 and 7.6.x before 7.6.0-rev9 allows remote attackers to read arbitrary files and possibly other unspecified imp… | CWE-611 XXE | CVE-2014-5238 | 2024-11-21 11:11 | 2020-01-15 |
| 277865 | 7.5 | HIGH Network | iii | sierra | Innovative Interfaces Sierra Library Services Platform 1.2_3 does not properly handle query strings with multiple instances of the same parameter, which allows remote attackers to bypass parameter va… | NVD-CWE-Other | CVE-2014-5138 | 2024-11-21 11:11 | 2020-01-15 |
| 277866 | 9.8 | CRITICAL Network | granding | grand_ma300_firmware | Grand MA 300 allows a brute-force attack on the PIN. | CWE-522 Insufficiently Protected Credentials | CVE-2014-5381 | 2024-11-21 11:11 | 2020-01-13 |
| 277867 | 7.5 | HIGH Network | granding | grand_ma300_firmware | Grand MA 300 allows retrieval of the access PIN from sniffed data. | CWE-319 Cleartext Transmission of Sensitive Information | CVE-2014-5380 | 2024-11-21 11:11 | 2020-01-13 |
| 277868 | 9.8 | CRITICAL Network | status2k | status2k | Status2k does not remove the install directory allowing credential reset. | CWE-522 Insufficiently Protected Credentials | CVE-2014-5093 | 2024-11-21 11:11 | 2020-01-10 |
| 277869 | 8.8 | HIGH Network | status2k | status2k | Status2k allows Remote Command Execution in admin/options/editpl.php. | CWE-20 Improper Input Validation | CVE-2014-5092 | 2024-11-21 11:11 | 2020-01-10 |
| 277870 | 9.8 | CRITICAL Network | sphider sphiderpro sphider-plus | sphider sphider_pro sphider-plus | sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass | CWE-287 Improper Authentication | CVE-2014-5081 | 2024-11-21 11:11 | 2020-01-10 |