|
279091
|
- |
|
novell
|
edirectory
|
Cross-site scripting (XSS) vulnerability in nds/search/data in iMonitor in Novell eDirectory before 8.8 SP8 Patch 4 allows remote attackers to inject arbitrary web script or HTML via the rdn paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5212
|
2024-11-21 11:11 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279092
|
- |
|
mit
|
kerberos
kerberos_5
|
plugins/kdb/ldap/libkdb_ldap/ldap_principal2.c in MIT Kerberos 5 (aka krb5) 1.12.x and 1.13.x before 1.13.1, when the KDC uses LDAP, allows remote authenticated users to cause a denial of service (NU…
|
NVD-CWE-Other
|
CVE-2014-5354
|
2024-11-21 11:11 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279093
|
- |
|
mit
redhat
fedoraproject
debian
canonical
oracle
opensuse
|
kerberos_5
enterprise_linux_server
enterprise_linux_server_aus
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_eus
enterprise_linux_server_tus
fedora
de…
|
The krb5_ldap_get_password_policy_from_dn function in plugins/kdb/ldap/libkdb_ldap/ldap_pwd_policy.c in MIT Kerberos 5 (aka krb5) before 1.13.1, when the KDC uses LDAP, allows remote authenticated us…
|
CWE-476
NULL Pointer Dereference
|
CVE-2014-5353
|
2024-11-21 11:11 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279094
|
- |
|
safenet-inc
|
safenet_authentication_service_outlook_web_access_agent
|
Directory traversal vulnerability in SafeNet Authentication Service (SAS) Outlook Web Access Agent (formerly CRYPTOCard) before 1.03.30109 allows remote attackers to read arbitrary files via a .. (do…
|
CWE-22
Path Traversal
|
CVE-2014-5359
|
2024-11-21 11:11 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279095
|
- |
|
malwarebytes
|
malwarebytes_anti-exploit
malwarebytes_anti-malware
|
The upgrade functionality in Malwarebytes Anti-Malware (MBAM) consumer before 2.0.3 and Malwarebytes Anti-Exploit (MBAE) consumer 1.04.1.1012 and earlier allow man-in-the-middle attackers to execute …
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2014-4936
|
2024-11-21 11:11 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279096
|
- |
|
hikvision
|
dvr_ds-7204_firmware
|
Buffer overflow in Hikvision DVR DS-7204 Firmware 2.2.10 build 131009, and other models and versions, allows remote attackers to execute arbitrary code via an RTSP PLAY request with a long Authorizat…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-4880
|
2024-11-21 11:11 |
2014-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279097
|
- |
|
ossec
|
ossec
|
host-deny.sh in OSSEC before 2.8.1 writes to temporary files with predictable filenames without verifying ownership, which allows local users to modify access restrictions in hosts.deny and gain root…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5284
|
2024-11-21 11:11 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279098
|
- |
|
fasttoggle_project
|
fasttoggle
|
The Fasttoggle module 7.x-1.3 and 7.x-1.4 for Drupal allows remote attackers to block or unblock an account via a crafted user status link.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5268
|
2024-11-21 11:11 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279099
|
- |
|
open-xchange
|
app_suite
|
Server-side request forgery (SSRF) vulnerability in the documentconverter component in Open-Xchange (OX) AppSuite before 7.4.2-rev10 and 7.6.x before 7.6.0-rev10 allows remote attackers to trigger re…
|
NVD-CWE-Other
|
CVE-2014-5237
|
2024-11-21 11:11 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279100
|
- |
|
lwip_project
|
lwip
|
resolv.c in the DNS resolver in uIP, and dns.c in the DNS resolver in lwIP 1.4.1 and earlier, does not use random values for ID fields and source ports of DNS query packets, which makes it easier for…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2014-4883
|
2024-11-21 11:11 |
2014-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
