|
280991
|
- |
|
cisco
|
security_manager
|
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to hijack the authentication of arbitrary users for requests tha…
|
CWE-352
Origin Validation Error
|
CVE-2014-3267
|
2024-11-21 11:07 |
2014-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280992
|
- |
|
cisco
|
security_manager
|
Cross-site scripting (XSS) vulnerability in the web framework in Cisco Security Manager 4.6 and earlier allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter, ak…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3266
|
2024-11-21 11:07 |
2014-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280993
|
- |
|
cisco
|
ios_xe
asr_1001
asr_1002
asr_1002-x
asr_1002_fixed_router
asr_1004
asr_1006
asr_1013
asr_1023_router
|
Cisco IOS XE on ASR1000 devices, when PPPoE termination is enabled, allows remote attackers to cause a denial of service (device reload) via a malformed PPPoE packet, aka Bug ID CSCuo55180.
|
CWE-20
Improper Input Validation
|
CVE-2014-3284
|
2024-11-21 11:07 |
2014-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280994
|
- |
|
bizagi
|
business_process_management_suite
|
SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request.
|
CWE-89
SQL Injection
|
CVE-2014-2948
|
2024-11-21 11:07 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280995
|
- |
|
bizagi
|
business_process_management_suite
|
Cross-site scripting (XSS) vulnerability in Login.aspx in Bizagi BPM Suite before 10.3 allows remote attackers to inject arbitrary web script or HTML via the txtUsername parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-2947
|
2024-11-21 11:07 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280996
|
- |
|
hanon
|
faceid_f810_firmware
faceid
faceid_f710_firmware
faceid_fk800_firmware
faceid_fa007_firmware
|
Hanvon FaceID before 1.007.110 does not require authentication, which allows remote attackers to modify access-control and attendance-tracking data via API commands.
|
CWE-287
Improper Authentication
|
CVE-2014-2938
|
2024-11-21 11:07 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280997
|
- |
|
dotonpaper
|
booking_system
|
SQL injection vulnerability in dopbs-backend-forms.php in the Booking System (Booking Calendar) plugin before 1.3 for WordPress allows remote authenticated users to execute arbitrary SQL commands via…
|
CWE-89
SQL Injection
|
CVE-2014-3210
|
2024-11-21 11:07 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280998
|
- |
|
fedoraproject
google
|
fedora
v8
chrome
|
Integer underflow in the LCodeGen::PrepareKeyedOperand function in arm/lithium-codegen-arm.cc in Google V8 before 3.25.28.16, as used in Google Chrome before 35.0.1916.114, allows remote attackers to…
|
CWE-189
Numeric Errors
|
CVE-2014-3152
|
2024-11-21 11:07 |
2014-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280999
|
- |
|
cisco
|
ios
|
The LLDP implementation in Cisco IOS allows remote attackers to cause a denial of service (device reload) via a malformed packet, aka Bug ID CSCum96282.
|
CWE-20
Improper Input Validation
|
CVE-2014-3273
|
2024-11-21 11:07 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281000
|
- |
|
cisco
|
ios_xr
|
The DHCPv6 implementation in Cisco IOS XR allows remote attackers to cause a denial of service (device crash) via a malformed packet, aka Bug IDs CSCum85558, CSCum20949, CSCul61849, and CSCul71149.
|
CWE-20
Improper Input Validation
|
CVE-2014-3271
|
2024-11-21 11:07 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
