|
280291
|
7.5 |
HIGH
Network
|
nodejs
|
node.js
|
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
|
CWE-22
Path Traversal
|
CVE-2014-3744
|
2024-11-21 11:08 |
2017-10-24 |
|
280292
|
9.8 |
CRITICAL
Network
|
node-printer_project
|
node-printer
|
The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command.
|
CWE-77
Command Injection
|
CVE-2014-3741
|
2024-11-21 11:08 |
2017-10-24 |
|
280293
|
8.8 |
HIGH
Network
|
keycloak
|
keycloak
|
The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack…
|
CWE-352
Origin Validation Error
|
CVE-2014-3709
|
2024-11-21 11:08 |
2017-10-18 |
|
280294
|
5.9 |
MEDIUM
Network
|
redhat
|
enterprise_mrg
|
ovirt-engine, as used in Red Hat MRG 3, allows man-in-the-middle attackers to spoof servers by leveraging failure to verify key attributes in vdsm X.509 certificates.
|
CWE-295
Improper Certificate Validation
|
CVE-2014-3706
|
2024-11-21 11:08 |
2017-10-18 |
|
280295
|
5.4 |
MEDIUM
Network
|
theforeman
|
foreman
|
Multiple cross-site scripting (XSS) vulnerabilities in Foreman before 1.5.2 allow remote authenticated users to inject arbitrary web script or HTML via the operating system (1) name or (2) descriptio…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3531
|
2024-11-21 11:08 |
2017-10-18 |
|
280296
|
9.1 |
CRITICAL
Network
|
redhat
|
edeploy
|
Directory traversal vulnerability in eNovance eDeploy allows remote attackers to create arbitrary directories and files and consequently cause a denial of service (resource consumption) via a .. (dot…
|
CWE-22
Path Traversal
|
CVE-2014-3702
|
2024-11-21 11:08 |
2017-10-17 |
|
280297
|
7.5 |
HIGH
Network
|
igniterealtime
|
openfire
|
OpenFire XMPP Server before 3.10 accepts self-signed certificates, which allows remote attackers to perform unspecified spoofing attacks.
|
CWE-295
Improper Certificate Validation
|
CVE-2014-3451
|
2024-11-21 11:08 |
2017-08-19 |
|
280298
|
7.5 |
HIGH
Network
|
opensuse encfs_project
|
leap opensuse encfs
|
The ".encfs6.xml" configuration file in encfs before 1.7.5 allows remote attackers to access sensitive data by setting "blockMACBytes" to 0 and adding 8 to "blockMACRandBytes".
|
CWE-200
Information Exposure
|
CVE-2014-3462
|
2024-11-21 11:08 |
2017-08-8 |
|
280299
|
8.8 |
HIGH
Network
|
redhat
|
ansible
|
The user module in ansible before 1.6.6 allows remote authenticated users to execute arbitrary commands.
|
CWE-20
Improper Input Validation
|
CVE-2014-3498
|
2024-11-21 11:08 |
2017-06-9 |
|
280300
|
9.8 |
CRITICAL
Network
|
vmware
|
spring_security
|
When using the CAS Proxy ticket authentication from Spring Security 3.1 to 3.2.4 a malicious CAS Service could trick another CAS Service into authenticating a proxy ticket that was not associated. Th…
|
CWE-287
Improper Authentication
|
CVE-2014-3527
|
2024-11-21 11:08 |
2017-05-26 |
|