|
279471
|
- |
|
huawei
|
e5332_firmware
e5332
|
Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long URI.
|
CWE-399
Resource Management Errors
|
CVE-2014-5327
|
2024-11-21 11:11 |
2014-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279472
|
- |
|
bmc
|
track-it\!
|
BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.
|
CWE-200
Information Exposure
|
CVE-2014-4874
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279473
|
- |
|
bmc
|
track-it\!
|
SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.
|
CWE-89
SQL Injection
|
CVE-2014-4873
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279474
|
- |
|
bmc
|
track-it\!
|
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configur…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2014-4872
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279475
|
- |
|
cryoserver
|
cryoserver_security_appliance
|
Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4867
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279476
|
- |
|
mit
|
kerberos_5
|
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows r…
|
CWE-255
Credentials Management
|
CVE-2014-5351
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279477
|
- |
|
x2engine
|
x2engine
|
FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5298
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279478
|
- |
|
x2engine
|
x2engine
|
The actionSendErrorReport method in protected/controllers/SiteController.php in X2Engine 2.8 through 4.1.7 allows remote attackers to conduct PHP object injection and Server-Side Request Forgery (SSR…
|
CWE-94
Code Injection
|
CVE-2014-5297
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279479
|
- |
|
gnupg
debian
|
libgcrypt
debian_linux
|
Libgcrypt before 1.5.4, as used in GnuPG and other products, does not properly perform ciphertext normalization and ciphertext randomization, which makes it easier for physically proximate attackers …
|
CWE-200
Information Exposure
|
CVE-2014-5270
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279480
|
- |
|
adaptivecomputing
|
moab
|
Adaptive Computing Moab before 7.2.9 and 8 before 8.0.0, when a pre-generated key is used, does not validate that the requesting user matches the actor in the message, which allows remote authenticat…
|
CWE-20
Improper Input Validation
|
CVE-2014-5376
|
2024-11-21 11:11 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
