|
282241
|
- |
|
cacti
debian
opensuse
|
cacti
debian_linux
opensuse
|
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by request…
|
CWE-352
Origin Validation Error
|
CVE-2014-2327
|
2024-11-21 11:06 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282242
|
- |
|
knowledgetree
|
knowledgetree
|
SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attac…
|
CWE-89
SQL Injection
|
CVE-2014-2737
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282243
|
- |
|
papercut
|
papercut_ng
papercut_mf
|
Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified …
|
CWE-352
Origin Validation Error
|
CVE-2014-2659
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282244
|
- |
|
mobfox
|
madserve
|
Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adu…
|
CWE-89
SQL Injection
|
CVE-2014-2654
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282245
|
- |
|
winscp
|
winscp
|
WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, whic…
|
CWE-20
Improper Input Validation
|
CVE-2014-2735
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282246
|
- |
|
asus
t-mobile
|
rt-ac66u_firmware
rt-ac68u_firmware
rt-n10e_firmware
rt-n14u_firmware
rt-n16_firmware
rt-n56u_firmware
rt-n65u_firmware
rt-n66u_firmware
rt-ac68u
tm-ac1900
|
Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator…
|
CWE-200
Information Exposure
|
CVE-2014-2719
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282247
|
- |
|
cubecart
|
cubecart
|
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
|
CWE-287
Improper Authentication
|
CVE-2014-2341
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282248
|
- |
|
mediawiki
|
mediawiki
|
includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended lo…
|
CWE-287
Improper Authentication
|
CVE-2014-2665
|
2024-11-21 11:06 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282249
|
- |
|
siemens
|
sinema_server
|
Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.
|
CWE-20
Improper Input Validation
|
CVE-2014-2733
|
2024-11-21 11:06 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282250
|
- |
|
siemens
|
sinema_server
|
Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or …
|
CWE-22
Path Traversal
|
CVE-2014-2732
|
2024-11-21 11:06 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
