|
278191
|
- |
|
sap
|
fi_manager_self-service
|
SAP FI Manager Self-Service has a hard-coded user name, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2014-5176
|
2024-11-21 11:11 |
2014-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278192
|
- |
|
sap
|
solution_manager
|
The License Measurement servlet in SAP Solution Manager 7.1 allows remote attackers to bypass authentication via unspecified vectors, related to a verb tampering attack and SAP_JTECHS.
|
CWE-287
Improper Authentication
|
CVE-2014-5175
|
2024-11-21 11:11 |
2014-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278193
|
- |
|
sap
|
netweaver_business_warehouse
|
The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive info…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5174
|
2024-11-21 11:11 |
2014-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278194
|
- |
|
sap
|
hana_extended_application_services
|
SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5173
|
2024-11-21 11:11 |
2014-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278195
|
- |
|
sap
|
hana
|
Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-5172
|
2024-11-21 11:11 |
2014-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278196
|
- |
|
sap
|
hana_extended_application_services
|
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and othe…
|
CWE-310
Cryptographic Issues
|
CVE-2014-5171
|
2024-11-21 11:11 |
2014-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278197
|
- |
|
torproject
|
tor
|
Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirm…
|
NVD-CWE-Other
|
CVE-2014-5117
|
2024-11-21 11:11 |
2014-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278198
|
- |
|
cairographics
|
cairo
|
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.
|
NVD-CWE-Other
|
CVE-2014-5116
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278199
|
- |
|
dirphp_project
|
dirphp
|
Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php.
|
CWE-22
Path Traversal
|
CVE-2014-5115
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278200
|
- |
|
webidsupport
|
webid
|
WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter.
|
NVD-CWE-Other
|
CVE-2014-5114
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
