| 277881 | 6.1 | MEDIUM Network | livefyre | livecomments | Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture. | CWE-79 Cross-site Scripting | CVE-2014-6420 | 2024-11-21 11:14 | 2019-12-28 |
| 277882 | 9.8 | CRITICAL Network | vanderbilt debian | adaptive_communication_environment debian_linux | generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges. | CWE-330 Use of Insufficiently Random Values | CVE-2014-6311 | 2024-11-21 11:14 | 2019-11-23 |
| 277883 | 9.8 | CRITICAL Network | call-cc debian | chicken debian_linux | Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function. | CWE-120 Classic Buffer Overflow | CVE-2014-6310 | 2024-11-21 11:14 | 2019-11-23 |
| 277884 | 8.1 | HIGH Network | wordpress | wordpress | WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach. | CWE-640 Weak Password Recovery Mechanism for Forgotten Password | CVE-2014-6412 | 2024-11-21 11:14 | 2018-04-13 |
| 277885 | 8.8 | HIGH Network | tryton | tryton | The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary … | CWE-77 Command Injection | CVE-2014-6633 | 2024-11-21 11:14 | 2018-04-13 |
| 277886 | 7.5 | HIGH Network | tenefit | kaazing_websocket_gateway | The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive informat… | CWE-200 Information Exposure | CVE-2014-6309 | 2024-11-21 11:14 | 2018-04-13 |
| 277887 | 6.1 | MEDIUM Network | subscribe2_project | subscribe2 | Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip param… | CWE-79 Cross-site Scripting | CVE-2014-6604 | 2024-11-21 11:14 | 2018-03-30 |
| 277888 | 9.8 | CRITICAL Network | industrial.softing | fg-100_pb_profibus_firmware | Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session. | CWE-798 Use of Hard-coded Credentials | CVE-2014-6617 | 2024-11-21 11:14 | 2018-03-10 |
| 277889 | 9.8 | CRITICAL Network | aztech | adsl_dsl5018en_\(1t1r\)_firmware dsl705e_firmware dsl705eu_firmware | Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file. | CWE-200 Information Exposure | CVE-2014-6437 | 2024-11-21 11:14 | 2018-01-13 |
| 277890 | 9.8 | CRITICAL Network | aztech | adsl_dsl5018en_\(1t1r\)_firmware dsl705e_firmware dsl705eu_firmware | Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary com… | CWE-287 Improper Authentication | CVE-2014-6436 | 2024-11-21 11:14 | 2018-01-13 |