|
280521
|
- |
|
apple
canonical
fedoraproject
|
cups
ubuntu_linux
fedora
|
The web interface in CUPS before 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/.
|
CWE-59
Link Following
|
CVE-2014-3537
|
2024-11-21 11:08 |
2014-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280522
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
The org.picketlink.common.util.DocumentUtil.getDocumentBuilderFactory method in PicketLink, as used in Red Hat JBoss Enterprise Application Platform (JBEAP) 5.2.0 and 6.2.4, expands entity references…
|
CWE-200
Information Exposure
|
CVE-2014-3530
|
2024-11-21 11:08 |
2014-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280523
|
- |
|
redhat
|
jboss_enterprise_portal_platform
jboss_enterprise_brms_platform
jboss_enterprise_application_platform
jboss_enterprise_soa_platform
|
jmx-remoting.sar in JBoss Remoting, as used in Red Hat JBoss Enterprise Application Platform (JEAP) 5.2.0, Red Hat JBoss BRMS 5.3.1, Red Hat JBoss Portal Platform 5.2.2, and Red Hat JBoss SOA Platfor…
|
CWE-94
Code Injection
|
CVE-2014-3518
|
2024-11-21 11:08 |
2014-07-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280524
|
- |
|
apache
|
http_server
|
Memory leak in the winnt_accept function in server/mpm/winnt/child.c in the WinNT MPM in the Apache HTTP Server 2.4.x before 2.4.10 on Windows, when the default AcceptFilter is enabled, allows remote…
|
CWE-399
Resource Management Errors
|
CVE-2014-3523
|
2024-11-21 11:08 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280525
|
- |
|
debian
freedesktop
mageia_project
opensuse
|
debian_linux
dbus
mageia
opensuse
|
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6 allows local users to cause a denial of service (disconnect) via a certain sequence of crafted messages that cause the dbus-daemon to forward a message…
|
CWE-20
Improper Input Validation
|
CVE-2014-3533
|
2024-11-21 11:08 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280526
|
- |
|
freedesktop
opensuse
debian
mageia
oracle
|
dbus
opensuse
debian_linux
mageia
solaris
|
dbus 1.3.0 before 1.6.22 and 1.8.x before 1.8.6, when running on Linux 2.6.37-rc4 or later, allows local users to cause a denial of service (system-bus disconnect of other services or applications) b…
|
CWE-20
Improper Input Validation
|
CVE-2014-3532
|
2024-11-21 11:08 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280527
|
- |
|
reportico
|
php_report_designer
|
Directory traversal vulnerability in Reportico PHP Report Designer before 4.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the xmlin parameter.
|
CWE-22
Path Traversal
|
CVE-2014-3777
|
2024-11-21 11:08 |
2014-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280528
|
- |
|
yealink
|
voip_phone_firmware
|
CRLF injection vulnerability in Yealink VoIP Phones with firmware 28.72.0.2 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the model paramete…
|
NVD-CWE-Other
|
CVE-2014-3427
|
2024-11-21 11:08 |
2014-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280529
|
- |
|
infoblox
|
netmri
|
Infoblox NetMRI before 6.8.5 has a default password of admin for the "root" MySQL database account, which makes it easier for local users to obtain access via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-3419
|
2024-11-21 11:08 |
2014-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280530
|
- |
|
infoblox
|
netmri
|
config/userAdmin/login.tdf in Infoblox NetMRI before 6.8.5 allows remote attackers to execute arbitrary commands via shell metacharacters in the skipjackUsername parameter.
|
CWE-78
OS Command
|
CVE-2014-3418
|
2024-11-21 11:08 |
2014-07-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
