|
281671
|
- |
|
ui
|
unifi_controller
|
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-2226
|
2024-11-21 11:05 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281672
|
- |
|
ui
|
unifi_video
|
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2227
|
2024-11-21 11:05 |
2014-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281673
|
- |
|
fuelphp
|
fuelphp
|
The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.
|
CWE-94
Code Injection
|
CVE-2014-1999
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281674
|
- |
|
cybozu
|
garoon
|
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1996
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281675
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspe…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1995
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281676
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified ve…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1994
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281677
|
- |
|
cybozu
|
garoon
|
The Portlets subsystem in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to bypass intended access restrictions via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1993
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281678
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the Messages functionality in Cybozu Garoon 3.1.x, 3.5.x, and 3.7.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1992
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281679
|
- |
|
cybozu
|
garoon
|
The CGI component in Cybozu Garoon 3.1.0 through 3.7 SP3 allows remote attackers to execute arbitrary commands via unspecified vectors.
|
CWE-78
OS Command
|
CVE-2014-1987
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281680
|
- |
|
nextapp
|
file_explorer
|
Directory traversal vulnerability in the NextApp File Explorer application before 2.1.0.3 for Android allows remote attackers to overwrite or create arbitrary files via a crafted filename.
|
CWE-22
Path Traversal
|
CVE-2014-1973
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
