|
279321
|
- |
|
sap
|
netweaver_business_warehouse
|
The SAP Netweaver Business Warehouse component does not properly restrict access to the functions in the BW-SYS-DB-DB4 function group, which allows remote authenticated users to obtain sensitive info…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5174
|
2024-11-21 11:11 |
2014-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279322
|
- |
|
sap
|
hana_extended_application_services
|
SAP HANA Extend Application Services (XS) allows remote attackers to bypass access restrictions via a request to a private IU5 SDK application that was once public.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5173
|
2024-11-21 11:11 |
2014-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279323
|
- |
|
sap
|
hana
|
Multiple cross-site scripting (XSS) vulnerabilities in the XS Administration Tools in SAP HANA allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-5172
|
2024-11-21 11:11 |
2014-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279324
|
- |
|
sap
|
hana_extended_application_services
|
SAP HANA Extend Application Services (XS) does not encrypt transmissions for applications that enable form based authentication using SSL, which allows remote attackers to obtain credentials and othe…
|
CWE-310
Cryptographic Issues
|
CVE-2014-5171
|
2024-11-21 11:11 |
2014-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279325
|
- |
|
torproject
|
tor
|
Tor before 0.2.4.23 and 0.2.5 before 0.2.5.6-alpha maintains a circuit after an inbound RELAY_EARLY cell is received by a client, which makes it easier for remote attackers to conduct traffic-confirm…
|
NVD-CWE-Other
|
CVE-2014-5117
|
2024-11-21 11:11 |
2014-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279326
|
- |
|
cairographics
|
cairo
|
The cairo_image_surface_get_data function in Cairo 1.10.2, as used in GTK+ and Wireshark, allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a large string.
|
NVD-CWE-Other
|
CVE-2014-5116
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279327
|
- |
|
dirphp_project
|
dirphp
|
Absolute path traversal vulnerability in DirPHP 1.0 allows remote attackers to read arbitrary files via a full pathname in the phpfile parameter to index.php.
|
CWE-22
Path Traversal
|
CVE-2014-5115
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279328
|
- |
|
webidsupport
|
webid
|
WeBid 1.1.1 allows remote attackers to conduct an LDAP injection attack via the (1) js or (2) cat parameter.
|
NVD-CWE-Other
|
CVE-2014-5114
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279329
|
- |
|
apple
canonical
|
cups
ubuntu_linux
|
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5031
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279330
|
- |
|
canonical
apple
|
ubuntu_linux
cups
|
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
|
CWE-59
Link Following
|
CVE-2014-5030
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
