|
282791
|
- |
|
foliovision
|
foliopress_wysiwyg
|
Cross-site scripting (XSS) vulnerability in the Foliopress WYSIWYG plugin before 2.6.8.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-1232
|
2024-11-21 11:03 |
2014-01-9 |
|
|
|
|
282792
|
8.8 |
HIGH
Network
|
opensuse
|
open_build_service
|
In the Open Build Service (OBS) before version 2.4.6 the CSRF protection is incorrectly disabled in the web interface, allowing for requests without the user's consent.
|
CWE-352
Origin Validation Error
|
CVE-2014-0594
|
2024-11-21 11:02 |
2018-06-9 |
|
|
|
|
282793
|
9.8 |
CRITICAL
Network
|
opensuse
|
open_build_service
|
The set_version script as shipped with obs-service-set_version is a source validator for the Open Build Service (OBS). In versions prior to 0.5.3-1.1 this script did not properly sanitize the input p…
|
CWE-20
Improper Input Validation
|
CVE-2014-0593
|
2024-11-21 11:02 |
2018-06-9 |
|
|
|
|
282794
|
5.3 |
MEDIUM
Local
|
ibm
|
rational_focal_point
|
IBM Rational Focal Point 6.4.0, 6.4.1, 6.5.1, 6.5.2, and 6.6.0 use a weak algorithm to hash passwords, which makes it easier for context-dependent attackers to obtain cleartext values via a brute-for…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2014-0841
|
2024-11-21 11:02 |
2018-04-28 |
|
|
|
|
282795
|
6.5 |
MEDIUM
Network
|
ibm
|
integrated_management_module_firmware
|
Integrated Management Module II (IMM2) on IBM Flex System, NeXtScale, System x3xxx, and System x iDataPlex systems might allow remote authenticated users to obtain sensitive account information via v…
|
CWE-200
Information Exposure
|
CVE-2014-0882
|
2024-11-21 11:02 |
2018-04-26 |
|
|
|
|
282796
|
7.4 |
HIGH
Network
|
ibm
|
integrated_management_module_firmware
|
The TPM on Integrated Management Module II (IMM2) on IBM Flex System x222 servers with firmware 1.00 through 3.56 allows remote attackers to obtain sensitive key information or cause a denial of serv…
|
CWE-284
Improper Access Control
|
CVE-2014-0881
|
2024-11-21 11:02 |
2018-04-26 |
|
|
|
|
282797
|
4.1 |
MEDIUM
Local
|
ibm
|
security_key_lifecycle_manager
|
The installation process in IBM Security Key Lifecycle Manager 2.5 stores unencrypted credentials, which might allow local users to obtain sensitive information by leveraging root access. IBM X-Force…
|
CWE-255 CWE-200
Credentials Management Information Exposure
|
CVE-2014-0872
|
2024-11-21 11:02 |
2018-04-26 |
|
|
|
|
282798
|
6.1 |
MEDIUM
Network
|
ibm
|
power_hardware_management_console
|
IBM Power HMC 7.1.0 through 7.8.0 and 7.3.5 is vulnerable to cross-site scripting. This vulnerability allows users to embed arbitrary JavaScript code in the Web UI thus altering the intended function…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0883
|
2024-11-21 11:02 |
2018-04-21 |
|
|
|
|
282799
|
7.5 |
HIGH
Network
|
nic
|
knot_cms
|
Knot DNS before 1.5.2 allows remote attackers to cause a denial of service (application crash) via a crafted DNS message.
|
CWE-20
Improper Input Validation
|
CVE-2014-0486
|
2024-11-21 11:02 |
2018-03-28 |
|
|
|
|
282800
|
7.3 |
HIGH
Network
|
cisco
|
webex_meetings_server
|
Cisco WebEx Meetings Server before 1.1 uses meeting IDs with insufficient entropy, which makes it easier for remote attackers to bypass authentication and join arbitrary meetings without a password, …
|
CWE-331
Insufficient Entropy
|
CVE-2014-0691
|
2024-11-21 11:02 |
2017-10-24 |
|
|
|