|
282321
|
- |
|
owncloud
|
owncloud
|
ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspec…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3834
|
2024-11-21 11:08 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282322
|
- |
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web sc…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3833
|
2024-11-21 11:08 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282323
|
- |
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possi…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3832
|
2024-11-21 11:08 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282324
|
- |
|
lucidcrew
|
pixie
|
Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemai…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3786
|
2024-11-21 11:08 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282325
|
- |
|
gnu
|
gnutls
|
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (me…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3466
|
2024-11-21 11:08 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282326
|
- |
|
vmware
|
vcenter_server_appliance
|
Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3790
|
2024-11-21 11:08 |
2014-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282327
|
- |
|
vmware
|
player
esxi
fusion
workstation
|
VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows gue…
|
NVD-CWE-Other
|
CVE-2014-3793
|
2024-11-21 11:08 |
2014-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282328
|
- |
|
citrix
|
vdi-in-a-box
|
Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.
|
CWE-287
Improper Authentication
|
CVE-2014-3780
|
2024-11-21 11:08 |
2014-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282329
|
- |
|
jasig
|
uportal
|
uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3417
|
2024-11-21 11:08 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282330
|
- |
|
jasig
|
uportal
|
uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-adm…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3416
|
2024-11-21 11:08 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
