|
279861
|
- |
|
cisco
|
telepresence_system_software
|
Cisco TelePresence System (CTS) 6.0(.5)(5) and earlier falls back to HTTP when certain HTTPS sessions cannot be established, which allows man-in-the-middle attackers to obtain sensitive directory inf…
|
CWE-310
Cryptographic Issues
|
CVE-2014-3274
|
2024-11-21 11:07 |
2014-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279862
|
- |
|
cisco
|
tidal_enterprise_scheduler
|
The Agent in Cisco Tidal Enterprise Scheduler (TES) 6.1 and earlier allows local users to gain privileges via crafted Tidal Job Buffers (TJB) parameters, aka Bug ID CSCuo33074.
|
CWE-20
Improper Input Validation
|
CVE-2014-3272
|
2024-11-21 11:07 |
2014-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279863
|
- |
|
cisco
|
security_manager
|
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests tha…
|
CWE-352
Origin Validation Error
|
CVE-2014-3267
|
2024-11-21 11:07 |
2014-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279864
|
- |
|
cisco
|
security_manager
|
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, ak…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3266
|
2024-11-21 11:07 |
2014-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279865
|
- |
|
cisco
|
ios_xe
asr_1001
asr_1002
asr_1002-x
asr_1002_fixed_router
asr_1004
asr_1006
asr_1013
asr_1023_router
|
Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.
|
CWE-20
Improper Input Validation
|
CVE-2014-3284
|
2024-11-21 11:07 |
2014-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279866
|
- |
|
bizagi
|
business_process_management_suite
|
SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request.
|
CWE-89
SQL Injection
|
CVE-2014-2948
|
2024-11-21 11:07 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279867
|
- |
|
bizagi
|
business_process_management_suite
|
Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-2947
|
2024-11-21 11:07 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279868
|
- |
|
hanon
|
faceid_f810_firmware
faceid
faceid_f710_firmware
faceid_fk800_firmware
faceid_fa007_firmware
|
Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.
|
CWE-287
Improper Authentication
|
CVE-2014-2938
|
2024-11-21 11:07 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279869
|
- |
|
dotonpaper
|
booking_system
|
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via…
|
CWE-89
SQL Injection
|
CVE-2014-3210
|
2024-11-21 11:07 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279870
|
- |
|
fedoraproject
google
|
fedora
v8
chrome
|
Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to…
|
CWE-189
Numeric Errors
|
CVE-2014-3152
|
2024-11-21 11:07 |
2014-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
