|
277221
|
- |
|
magzter
|
bbc_knowledge_magazine
|
The BBC Knowledge Magazine (aka com.magzter.bbcknowledge) application 3.01 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers a…
|
CWE-310
Cryptographic Issues
|
CVE-2014-7418
|
2024-11-21 11:17 |
2014-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277222
|
- |
|
realacademiabellasartessanfernando
|
real_academia_de_bellas_artes
|
The Real Academia de Bellas Artes (aka com.adianteventures.adianteapps.real_academia_de_bellas_artes) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man…
|
CWE-310
Cryptographic Issues
|
CVE-2014-7417
|
2024-11-21 11:17 |
2014-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277223
|
- |
|
pocketmags
|
craft_stamper_magazine
|
The Craft Stamper Magazine (aka com.triactivemedia.craftstamper) application @7F080183 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spo…
|
CWE-310
Cryptographic Issues
|
CVE-2014-7416
|
2024-11-21 11:17 |
2014-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277224
|
9.8 |
CRITICAL
Network
|
farsite
|
farlinx_x25_gateway_firmware
|
FarLinX X25 Gateway through 2014-09-25 allows attackers to write arbitrary data to fsUI.xyz via fsSaveUIPersistence.php.
|
CWE-787
Out-of-bounds Write
|
CVE-2014-7175
|
2024-11-21 11:16 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277225
|
5.3 |
MEDIUM
Network
|
farsite
|
farlinx_x25_gateway_firmware
|
FarLinX X25 Gateway through 2014-09-25 allows directory traversal via the log-handling feature.
|
CWE-22
Path Traversal
|
CVE-2014-7174
|
2024-11-21 11:16 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277226
|
9.8 |
CRITICAL
Network
|
farsite
|
farlinx_x25_gateway_firmware
|
FarLinX X25 Gateway through 2014-09-25 allows command injection via shell metacharacters to sysSaveMonitorData.php, fsx25MonProxy.php, syseditdate.php, iframeupload.php, or sysRestoreX25Cplt.php.
|
CWE-78
OS Command
|
CVE-2014-7173
|
2024-11-21 11:16 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277227
|
9.1 |
CRITICAL
Network
|
twiki
|
twiki
|
Eval injection vulnerability in lib/TWiki/Plugins.pm in TWiki before 6.0.1 allows remote attackers to execute arbitrary Perl code via the debugenableplugins parameter to do/view/Main/WebHome.
|
CWE-74
Injection
|
CVE-2014-7236
|
2024-11-21 11:16 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277228
|
8.8 |
HIGH
Network
|
google
|
android
|
A Code Execution vulnerability exists in Android prior to 4.4.0 related to the addJavascriptInterface method and the accessibility and accessibilityTraversal objects, which could let a remote malicio…
|
CWE-20
Improper Input Validation
|
CVE-2014-7224
|
2024-11-21 11:16 |
2020-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277229
|
7.8 |
HIGH
Local
|
hp
|
sgi_tempo
|
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to obtain password hashes and possibly other unspecified sensitive information by reading et…
|
CWE-276
Incorrect Default Permissions
|
CVE-2014-7303
|
2024-11-21 11:16 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277230
|
7.8 |
HIGH
Local
|
hp
|
sgi_tempo
|
SGI Tempo, as used on SGI ICE-X systems, uses weak permissions for certain files, which allows local users to change the permissions of arbitrary files by executing /opt/sgi/sgimc/bin/vx.
|
CWE-276
Incorrect Default Permissions
|
CVE-2014-7302
|
2024-11-21 11:16 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
