|
277971
|
- |
|
zenoss
|
zenoss_core
|
Zenoss Core through 5 Beta 3 does not require a password for modifying the pager command string, which allows remote attackers to execute arbitrary commands or cause a denial of service (paging outag…
|
CWE-77
Command Injection
|
CVE-2014-6260
|
2024-11-21 11:14 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277972
|
- |
|
zenoss
|
zenoss_core
|
Zenoss Core through 5 Beta 3 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted XML docu…
|
CWE-399
Resource Management Errors
|
CVE-2014-6259
|
2024-11-21 11:14 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277973
|
- |
|
zenoss
|
zenoss_core
|
An unspecified endpoint in Zenoss Core through 5 Beta 3 allows remote attackers to cause a denial of service (CPU consumption) by triggering an arbitrary regular-expression match attempt, aka ZEN-154…
|
CWE-399
Resource Management Errors
|
CVE-2014-6258
|
2024-11-21 11:14 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277974
|
- |
|
zenoss
|
zenoss_core
|
Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions by using a web-endpoint URL to invoke an object helper method, aka ZEN-15407.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-6257
|
2024-11-21 11:14 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277975
|
- |
|
zenoss
|
zenoss_core
|
Zenoss Core through 5 Beta 3 allows remote attackers to bypass intended access restrictions and place files in a directory with public (1) read or (2) execute access via a move action, aka ZEN-15386.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-6256
|
2024-11-21 11:14 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277976
|
- |
|
zenoss
|
zenoss_core
|
Open redirect vulnerability in the login form in Zenoss Core before 4.2.5 SP161 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via the came_from paramet…
|
NVD-CWE-Other
|
CVE-2014-6255
|
2024-11-21 11:14 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277977
|
- |
|
zenoss
|
zenoss_core
|
Multiple cross-site scripting (XSS) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to inject arbitrary web script or HTML via an attribute in a (1) device name, (2) device det…
|
CWE-79
Cross-site Scripting
|
CVE-2014-6254
|
2024-11-21 11:14 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277978
|
- |
|
zenoss
|
zenoss_core
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Zenoss Core through 5 Beta 3 allow remote attackers to hijack the authentication of arbitrary users, aka ZEN-12653.
|
CWE-352
Origin Validation Error
|
CVE-2014-6253
|
2024-11-21 11:14 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277979
|
- |
|
docker
|
docker
|
Docker 1.3.0 through 1.3.1 allows remote attackers to modify the default run profile of image containers and possibly bypass the container by applying unspecified security options to an image.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-6408
|
2024-11-21 11:14 |
2014-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277980
|
- |
|
docker
|
docker
|
Docker before 1.3.2 allows remote attackers to write to arbitrary files and execute arbitrary code via a (1) symlink or (2) hard link attack in an image archive in a (a) pull or (b) load operation.
|
CWE-59
Link Following
|
CVE-2014-6407
|
2024-11-21 11:14 |
2014-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
