|
279841
|
8.8 |
HIGH
Network
|
zeuscart
|
zeuscart
|
Multiple SQL injection vulnerabilities in ZeusCart 4.x.
|
CWE-89
SQL Injection
|
CVE-2014-3868
|
2024-11-21 11:09 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279842
|
7.5 |
HIGH
Network
|
bytemark
|
symbiosis
|
Bytemark Symbiosis allows remote attackers to cause a denial of service via a crafted username, which triggers the firewall to blacklist the IP.
|
NVD-CWE-noinfo
|
CVE-2014-3979
|
2024-11-21 11:09 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279843
|
5.3 |
MEDIUM
Network
|
proxmox
|
virtual_environment
|
Proxmox VE prior to 3.2: 'AccessControl.pm' User Enumeration Vulnerability
|
CWE-203
Information Exposure Through Discrepancy
|
CVE-2014-4156
|
2024-11-21 11:09 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279844
|
9.8 |
CRITICAL
Network
|
apereo
debian
fedoraproject
|
.net_cas_client
java_cas_client
phpcas
debian_linux
fedora
|
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before…
|
CWE-74
Injection
|
CVE-2014-4172
|
2024-11-21 11:09 |
2020-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279845
|
6.1 |
MEDIUM
Network
|
bssys
|
rbs_bs-client
|
Cross-site scripting (XSS) vulnerability in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allows remote attackers to inject arbitrary web script or HTML via the colorstyle parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-4196
|
2024-11-21 11:09 |
2020-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279846
|
6.1 |
MEDIUM
Network
|
ulli_horlacher
|
fex
|
The addto parameter to fup in Frams' Fast File EXchange (F*EX, aka fex) before fex-2014053 allows remote attackers to conduct cross-site scripting (XSS) attacks
|
CWE-79
Cross-site Scripting
|
CVE-2014-3875
|
2024-11-21 11:09 |
2019-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279847
|
5.5 |
MEDIUM
Local
|
s48
|
scheme48
|
The scheme48-send-definition function in cmuscheme48.el in Scheme 48 allows local users to write to arbitrary files via a symlink attack on /tmp/s48lose.tmp.
|
CWE-59
Link Following
|
CVE-2014-4150
|
2024-11-21 11:09 |
2018-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279848
|
8.1 |
HIGH
Network
|
horde
|
horde_ldap
|
The Horde_Ldap library before 2.0.6 for Horde allows remote attackers to bypass authentication by leveraging knowledge of the LDAP bind user DN.
|
CWE-287
Improper Authentication
|
CVE-2014-3999
|
2024-11-21 11:09 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279849
|
9.8 |
CRITICAL
Network
|
opencart
|
opencart
|
The Cart::getProducts method in system/library/cart.php in OpenCart 1.5.6.4 and earlier allows remote attackers to conduct server-side request forgery (SSRF) attacks or possibly conduct XML External …
|
CWE-611
CWE-918
XXE
Server-Side Request Forgery (SSRF)
|
CVE-2014-3990
|
2024-11-21 11:09 |
2018-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279850
|
5.9 |
MEDIUM
Network
|
f5
|
big-ip_local_traffic_manager
big-ip_application_acceleration_manager
big-ip_advanced_firewall_manager
big-ip_analytics
big-ip_access_policy_manager
big-ip_application_security_manager<…
|
SSL virtual servers in F5 BIG-IP systems 10.x before 10.2.4 HF9, 11.x before 11.2.1 HF12, 11.3.0 before HF10, 11.4.0 before HF8, 11.4.1 before HF5, 11.5.0 before HF5, and 11.5.1 before HF5, when used…
|
CWE-200
Information Exposure
|
CVE-2014-4024
|
2024-11-21 11:09 |
2018-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
