|
279831
|
- |
|
netiq
|
identity_manager
|
The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirecto…
|
NVD-CWE-Other
|
CVE-2014-4509
|
2024-11-21 11:10 |
2014-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279832
|
- |
|
theforeman
|
foreman
|
Directory traversal vulnerability in Smart-Proxy in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to overwrite arbitrary files via a .. (dot dot) in the dst parameter to tftp/fe…
|
CWE-22
Path Traversal
|
CVE-2014-4507
|
2024-11-21 11:10 |
2014-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279833
|
- |
|
louis_jimenez
|
custom_meta
|
Cross-site scripting (XSS) vulnerability in the Custom Meta module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.3 for Drupal allows remote authenticated users with the "administer custom meta sett…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4506
|
2024-11-21 11:10 |
2014-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279834
|
- |
|
roger_padilla_camacho
|
easy_breadcrumb
|
Cross-site scripting (XSS) vulnerability in the Easy Breadcrumb module 7.x-2.x before 7.x-2.10 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-4505
|
2024-11-21 11:10 |
2014-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279835
|
7.5 |
HIGH
Network
|
zte
|
zxv10_w300_firmware
|
ZTE ZXV10 W300 router with firmware W300V1.0.0a_ZRD_LK stores sensitive information under the web root with insufficient access control, which allows remote attackers to read backup files via a direc…
|
CWE-200
Information Exposure
|
CVE-2014-4019
|
2024-11-21 11:09 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279836
|
9.8 |
CRITICAL
Network
|
freebsd
|
freebsd
|
OpenPAM Nummularia 9.2 through 10.0 does not properly handle the error reported when an include directive refers to a policy that does not exist, which causes the loaded policy chain to no be discard…
|
CWE-287
Improper Authentication
|
CVE-2014-3879
|
2024-11-21 11:09 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279837
|
9.1 |
CRITICAL
Network
|
bssys
|
rbs_bs-client._retail_client
|
A Two-Factor Authentication Bypass Vulnerability exists in BS-Client Private Client 2.4 and 2.5 via an XML request that neglects the use of ADPswID and AD parameters, which could let a malicious user…
|
CWE-287
Improper Authentication
|
CVE-2014-4198
|
2024-11-21 11:09 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279838
|
9.8 |
CRITICAL
Network
|
freereprintables
|
articlefr
|
A Privilege Escalation Vulnerability exists in Free Reprintables ArticleFR 11.06.2014 due to insufficient access restrictions in the data.php script, which could let a remote malicious user obtain ac…
|
CWE-269
Improper Privilege Management
|
CVE-2014-4170
|
2024-11-21 11:09 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279839
|
9.3 |
CRITICAL
Network
|
netgear
|
cg3100_firmware
|
A vulnerability exists in Netgear CG3100 devices before 3.9.2421.13.mp3 V0027 via an embed malicious script in an unspecified page, which could let a malicious user obtain sensitive information.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3919
|
2024-11-21 11:09 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279840
|
7.8 |
HIGH
Local
|
xilisoft
|
video_converter
|
Xilisoft Video Converter Ultimate 7.8.1 build-20140505 has a DLL Hijacking vulnerability
|
CWE-426
Untrusted Search Path
|
CVE-2014-3860
|
2024-11-21 11:09 |
2020-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
