|
279151
|
- |
|
birdblog
|
birdblog
|
Cross-site scripting (XSS) vulnerability in BirdBlog allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-5330
|
2024-11-21 11:11 |
2014-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279152
|
- |
|
partytrack_library_project
|
partytrack_library
|
The PartyTrack library for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certif…
|
CWE-310
Cryptographic Issues
|
CVE-2014-4881
|
2024-11-21 11:11 |
2014-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279153
|
- |
|
huawei
|
e5332_firmware
e5332
|
Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long parameter in an API s…
|
CWE-399
Resource Management Errors
|
CVE-2014-5328
|
2024-11-21 11:11 |
2014-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279154
|
- |
|
huawei
|
e5332_firmware
e5332
|
Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long URI.
|
CWE-399
Resource Management Errors
|
CVE-2014-5327
|
2024-11-21 11:11 |
2014-10-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279155
|
- |
|
bmc
|
track-it\!
|
BMC Track-It! 11.3.0.355 allows remote authenticated users to read arbitrary files by visiting the TrackItWeb/Attachment page.
|
CWE-200
Information Exposure
|
CVE-2014-4874
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279156
|
- |
|
bmc
|
track-it\!
|
SQL injection vulnerability in TrackItWeb/Grid/GetData in BMC Track-It! 11.3.0.355 allows remote authenticated users to execute arbitrary SQL commands via crafted POST data.
|
CWE-89
SQL Injection
|
CVE-2014-4873
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279157
|
- |
|
bmc
|
track-it\!
|
BMC Track-It! 11.3.0.355 does not require authentication on TCP port 9010, which allows remote attackers to upload arbitrary files, execute arbitrary code, or obtain sensitive credential and configur…
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2014-4872
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279158
|
- |
|
cryoserver
|
cryoserver_security_appliance
|
Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4867
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279159
|
- |
|
mit
|
kerberos_5
|
The kadm5_randkey_principal_3 function in lib/kadm5/srv/svr_principal.c in kadmind in MIT Kerberos 5 (aka krb5) before 1.13 sends old keys in a response to a -randkey -keepold request, which allows r…
|
CWE-255
Credentials Management
|
CVE-2014-5351
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279160
|
- |
|
x2engine
|
x2engine
|
FileUploadsFilter.php in X2Engine 4.1.7 and earlier, when running on case-insensitive file systems, allows remote attackers to bypass the upload blacklist and conduct unrestricted file upload attacks…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5298
|
2024-11-21 11:11 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
