|
281601
|
6.1 |
MEDIUM
Network
|
oxidforge
|
eshop
|
CRLF injection vulnerability in OXID eShop Professional Edition before 4.7.11 and 4.8.x before 4.8.4, Enterprise Edition before 5.0.11 and 5.1.x before 5.1.4, and Community Edition before 4.7.11 and …
|
CWE-93
CRLF Injection
|
CVE-2014-2017
|
2024-11-21 11:05 |
2018-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281602
|
7.1 |
HIGH
Adjacent
|
arubanetworks
|
clearpass
|
Aruba Networks ClearPass Policy Manager 6.1.x, 6.2.x before 6.2.5.61640 and 6.3.x before 6.3.0.61712, when configured to use tunneled and non-tunneled EAP methods in a single policy construct, allows…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2071
|
2024-11-21 11:05 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281603
|
5.5 |
MEDIUM
Local
|
numpy
redhat
fedoraproject
|
numpy
enterprise_linux
fedora
|
(1) core/tests/test_memmap.py, (2) core/tests/test_multiarray.py, (3) f2py/f2py2e.py, and (4) lib/tests/test_io.py in NumPy before 1.8.1 allow local users to write to arbitrary files via a symlink at…
|
CWE-59
Link Following
|
CVE-2014-1859
|
2024-11-21 11:05 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281604
|
5.5 |
MEDIUM
Local
|
numpy
|
numpy
|
__init__.py in f2py in NumPy before 1.8.1 allows local users to write to arbitrary files via a symlink attack on a temporary file.
|
CWE-20
Improper Input Validation
|
CVE-2014-1858
|
2024-11-21 11:05 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281605
|
9.8 |
CRITICAL
Network
|
tapatalk
|
tapatalk
|
Multiple SQL injection vulnerabilities in the Tapatalk plugin 4.9.0 and earlier and 5.x through 5.2.1 for vBulletin allow remote attackers to execute arbitrary SQL commands via a crafted xmlrpc API r…
|
CWE-89
SQL Injection
|
CVE-2014-2023
|
2024-11-21 11:05 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281606
|
7.1 |
HIGH
Local
|
perltidy_project
|
perltidy
|
The make_temporary_filename function in perltidy 20120701-1 and earlier allows local users to obtain sensitive information or write to arbitrary files via a symlink attack, related to use of the tmpn…
|
CWE-284
Improper Access Control
|
CVE-2014-2277
|
2024-11-21 11:05 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281607
|
8.1 |
HIGH
Network
|
percona
|
toolkit
|
The automatic version check functionality in the tools in Percona Toolkit 2.1 allows man-in-the-middle attackers to obtain sensitive information or execute arbitrary code by leveraging use of HTTP to…
|
CWE-200
Information Exposure
|
CVE-2014-2029
|
2024-11-21 11:05 |
2017-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281608
|
6.1 |
MEDIUM
Network
|
viprinet
|
multichannel_vpn_router_300_firmware
|
Multiple cross-site scripting (XSS) vulnerabilities in the old and new interfaces in Viprinet Multichannel VPN Router 300 allow remote attackers to inject arbitrary web script or HTML via the usernam…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2045
|
2024-11-21 11:05 |
2017-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281609
|
6.5 |
MEDIUM
Network
|
cisco
|
ios_xe
ios
|
The Zone-Based Firewall (ZBFW) functionality in Cisco IOS, possibly 15.4 and earlier, and IOS XE, possibly 3.13 and earlier, mishandles zone checking for existing sessions, which allows remote attack…
|
CWE-20
Improper Input Validation
|
CVE-2014-2146
|
2024-11-21 11:05 |
2016-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281610
|
- |
|
apache
|
tapestry
|
Apache Tapestry before 5.3.6 relies on client-side object storage without checking whether a client has modified an object, which allows remote attackers to cause a denial of service (resource consum…
|
CWE-399
Resource Management Errors
|
CVE-2014-1972
|
2024-11-21 11:05 |
2015-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
