|
281391
|
- |
|
mobfox
|
madserve
|
Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adu…
|
CWE-89
SQL Injection
|
CVE-2014-2654
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281392
|
- |
|
winscp
|
winscp
|
WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, whic…
|
CWE-20
Improper Input Validation
|
CVE-2014-2735
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281393
|
- |
|
asus
t-mobile
|
rt-ac66u_firmware
rt-ac68u_firmware
rt-n10e_firmware
rt-n14u_firmware
rt-n16_firmware
rt-n56u_firmware
rt-n65u_firmware
rt-n66u_firmware
rt-ac68u
tm-ac1900
|
Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator…
|
CWE-200
Information Exposure
|
CVE-2014-2719
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281394
|
- |
|
cubecart
|
cubecart
|
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
|
CWE-287
Improper Authentication
|
CVE-2014-2341
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281395
|
- |
|
mediawiki
|
mediawiki
|
includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended lo…
|
CWE-287
Improper Authentication
|
CVE-2014-2665
|
2024-11-21 11:06 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281396
|
- |
|
siemens
|
sinema_server
|
Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.
|
CWE-20
Improper Input Validation
|
CVE-2014-2733
|
2024-11-21 11:06 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281397
|
- |
|
siemens
|
sinema_server
|
Multiple directory traversal vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to access arbitrary files via HTTP traffic to port (1) 4999 or …
|
CWE-22
Path Traversal
|
CVE-2014-2732
|
2024-11-21 11:06 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281398
|
- |
|
siemens
|
sinema_server
|
Multiple unspecified vulnerabilities in the integrated web server in Siemens SINEMA Server before 12 SP1 allow remote attackers to execute arbitrary code via HTTP traffic to port (1) 4999 or (2) 80.
|
NVD-CWE-noinfo
|
CVE-2014-2731
|
2024-11-21 11:06 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281399
|
- |
|
remote-rac
|
rac_server
|
PCNetSoftware RAC Server 4.0.4 and 4.0.5 allows local users to cause a denial of service (disabled keyboard or crash) via a large input buffer to unspecified IOCTL requests in RACDriver.sys, which tr…
|
CWE-20
Improper Input Validation
|
CVE-2014-2597
|
2024-11-21 11:06 |
2014-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281400
|
- |
|
haxx
|
curl
libcurl
|
curl and libcurl 7.27.0 through 7.35.0, when running on Windows and using the SChannel/Winssl TLS backend, does not verify that the server hostname matches a domain name in the subject's Common Name …
|
CWE-20
Improper Input Validation
|
CVE-2014-2522
|
2024-11-21 11:06 |
2014-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
