|
280011
|
9.8 |
CRITICAL
Network
|
arubanetworks
|
web_management_portal
|
Unrestricted file upload vulnerability in Aruba Web Management portal allows remote attackers to execute arbitrary code by uploading a file with an executable extension.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2014-2592
|
2024-11-21 11:06 |
2018-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280012
|
8.8 |
HIGH
Network
|
x2engine
|
x2crm
|
Unrestricted file upload vulnerability in the ProfileController::actionUploadPhoto method in protected/controllers/ProfileController.php in X2Engine X2CRM before 4.0 allows remote attackers to execut…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2014-2664
|
2024-11-21 11:06 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280013
|
6.1 |
MEDIUM
Network
|
oliver_project
|
oliver
|
Multiple cross-site scripting (XSS) vulnerabilities in Oliver (formerly Webshare) 1.3.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the (1) login pa…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2710
|
2024-11-21 11:06 |
2017-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280014
|
- |
|
php_font_lib_project
|
php_font_lib
|
Cross-site scripting (XSS) vulnerability in www/make_subset.php in PHP Font Lib before 0.3.1 allows remote attackers to inject arbitrary web script or HTML via the name parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-2570
|
2024-11-21 11:06 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280015
|
- |
|
check_mk_project
|
check_mk
|
Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allows remote authenticated users to delete arbitrary files via a request to an unspecified link, related to "Insecure Direct Object References." NOT…
|
CWE-20
Improper Input Validation
|
CVE-2014-2332
|
2024-11-21 11:06 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280016
|
- |
|
check_mk_project
|
check_mk
|
Check_MK 1.2.2p2, 1.2.2p3, and 1.2.3i5 allows remote authenticated users to execute arbitrary Python code via a crafted rules.mk file in a snapshot. NOTE: this can be exploited by remote attackers b…
|
CWE-94
Code Injection
|
CVE-2014-2331
|
2024-11-21 11:06 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280017
|
- |
|
check_mk_project
|
check_mk
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Multisite GUI in Check_MK before 1.2.5i2 allow remote attackers to hijack the authentication of users for requests that (1) upload ar…
|
CWE-352
Origin Validation Error
|
CVE-2014-2330
|
2024-11-21 11:06 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280018
|
- |
|
check_mk_project
|
check_mk
|
Multiple cross-site scripting (XSS) vulnerabilities in Check_MK before 1.2.2p3 and 1.2.3x before 1.2.3i5 allow remote authenticated users to inject arbitrary web script or HTML via the (1) agent stri…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2329
|
2024-11-21 11:06 |
2015-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280019
|
- |
|
ge
|
intelligent_platforms_proficy_hmi\/scada_cimplicity
|
The (1) CimView and (2) CimEdit components in GE Proficy HMI/SCADA-CIMPLICITY 8.2 and earlier allow remote attackers to gain privileges via a crafted CIMPLICITY screen (aka .CIM) file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-2355
|
2024-11-21 11:06 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280020
|
- |
|
quick_page\/post_redirect_project
|
quick_page\/post_redirect
|
Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests t…
|
CWE-352
Origin Validation Error
|
CVE-2014-2598
|
2024-11-21 11:06 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
