|
280671
|
7.1 |
HIGH
Local
|
truecrypt_project
|
truecrypt
|
Multiple integer overflows in TrueCrypt 7.1a allow local users to (1) obtain sensitive information via vectors involving a crafted item->OriginalLength value in the MainThreadProc function in Encrypt…
|
CWE-200
CWE-190
CWE-400
Information Exposure
Integer Overflow or Wraparound
Uncontrolled Resource Consumption
|
CVE-2014-2885
|
2024-11-21 11:07 |
2018-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280672
|
3.3 |
LOW
Local
|
truecrypt_project
|
truecrypt
|
The ProcessVolumeDeviceControlIrp function in Ntdriver.c in TrueCrypt 7.1a allows local users to bypass access restrictions and obtain sensitive information about arbitrary files via a (1) TC_IOCTL_O…
|
CWE-200
CWE-284
Information Exposure
Improper Access Control
|
CVE-2014-2884
|
2024-11-21 11:07 |
2018-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280673
|
9.8 |
CRITICAL
Network
|
seagate
|
blackarmor_nas_220_firmware
blackarmor_nas_110_firmware
|
Seagate BlackArmor NAS allows remote attackers to execute arbitrary code via the session parameter to localhost/backupmgt/localJob.php or the auth_name parameter to localhost/backupmgmt/pre_connect_c…
|
CWE-20
Improper Input Validation
|
CVE-2014-3206
|
2024-11-21 11:07 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280674
|
9.8 |
CRITICAL
Network
|
seagate
|
blackarmor_nas_220_firmware
blackarmor_nas_110_firmware
|
backupmgt/pre_connect_check.php in Seagate BlackArmor NAS contains a hard-coded password of '!~@##$$%FREDESWWSED' for a backdoor user.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2014-3205
|
2024-11-21 11:07 |
2018-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280675
|
7.8 |
HIGH
Local
|
fishshell
fedoraproject
|
fish
fedora
|
fish before 2.1.1 allows local users to write to arbitrary files via a symlink attack on (1) /tmp/fishd.log.%s, (2) /tmp/.pac-cache.$USER, (3) /tmp/.yum-cache.$USER, or (4) /tmp/.rpm-cache.$USER.
|
CWE-59
Link Following
|
CVE-2014-3219
|
2024-11-21 11:07 |
2018-02-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280676
|
9.8 |
CRITICAL
Network
|
sugarcrm
|
sugarcrm
|
XML external entity (XXE) vulnerability in the RSSDashlet dashlet in SugarCRM before 6.5.17 allows remote attackers to read arbitrary files or potentially execute arbitrary code via a crafted DTD in …
|
CWE-611
XXE
|
CVE-2014-3244
|
2024-11-21 11:07 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280677
|
9.8 |
CRITICAL
Network
|
zabbix
fedoraproject
|
zabbix
fedora
|
XML external entity (XXE) vulnerability in Zabbix 1.8.x before 1.8.21rc1, 2.0.x before 2.0.13rc1, 2.2.x before 2.2.5rc1, and 2.3.x before 2.3.2 allows remote attackers to read arbitrary files or pote…
|
CWE-611
XXE
|
CVE-2014-3005
|
2024-11-21 11:07 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280678
|
6.5 |
MEDIUM
Network
|
puppet
redhat
|
puppet
linux
|
The default vhost configuration file in Puppet before 3.6.2 does not include the SSLCARevocationCheck directive, which might allow remote attackers to obtain sensitive information via a revoked certi…
|
CWE-295
Improper Certificate Validation
|
CVE-2014-3250
|
2024-11-21 11:07 |
2017-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280679
|
8.8 |
HIGH
Network
|
orange
|
livebox_1.1_firmware
|
Livebox 1.1 allows remote authenticated users to upload arbitrary configuration files, download the configuration file, or obtain sensitive information via crafted Javascript.
|
CWE-254
7PK - Security Features
|
CVE-2014-3150
|
2024-11-21 11:07 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280680
|
5.9 |
MEDIUM
Network
|
cyberduck
|
cyberduck
|
Cyberduck before 4.4.4 on Windows does not properly validate X.509 certificate chains, which allows man-in-the-middle attackers to spoof FTP-SSL servers via a certificate issued by an arbitrary root …
|
CWE-295
Improper Certificate Validation
|
CVE-2014-2845
|
2024-11-21 11:07 |
2017-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
