|
284271
|
7.5 |
HIGH
Network
|
hapi
|
inert
|
The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false.
|
CWE-22
Path Traversal
|
CVE-2014-10068
|
2024-11-21 11:03 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284272
|
5.9 |
MEDIUM
Network
|
paypal-ipn_project
|
paypal-ipn
|
paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attack…
|
CWE-287
Improper Authentication
|
CVE-2014-10067
|
2024-11-21 11:03 |
2018-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284273
|
7.1 |
HIGH
Network
|
ibm
|
rational_clearquest
|
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rationa…
|
CWE-611
XXE
|
CVE-2014-0950
|
2024-11-21 11:03 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284274
|
9.1 |
CRITICAL
Network
|
ibm
|
rational_clearcase
|
Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) C…
|
CWE-611
XXE
|
CVE-2014-0931
|
2024-11-21 11:03 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284275
|
8.1 |
HIGH
Network
|
ibm
|
sterling_b2b_integrator
sterling_file_gateway
|
The ActiveMQ admin user interface in IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allows remote attackers to bypass authentication by leveraging knowledge of the port…
|
CWE-287
Improper Authentication
|
CVE-2014-0927
|
2024-11-21 11:03 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284276
|
5.3 |
MEDIUM
Network
|
ibm
|
sterling_b2b_integrator
sterling_file_gateway
|
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote attackers to obtain sensitive product information via vectors related to an error page. IBM X-Force ID: 9207…
|
CWE-200
Information Exposure
|
CVE-2014-0912
|
2024-11-21 11:03 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284277
|
8.8 |
HIGH
Network
|
google
|
android
|
The Device Administrator code in Android before 4.4.1_r1 might allow attackers to spoof device administrators and consequently bypass MDM restrictions by leveraging failure to update the mAdminMap da…
|
CWE-20
Improper Input Validation
|
CVE-2014-0900
|
2024-11-21 11:03 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284278
|
7.5 |
HIGH
Network
|
wpitchoune
debian
|
psensor
debian_linux
|
The create_response function in server/server.c in Psensor before 1.1.4 allows Directory Traversal because it lacks a check for whether a file is under the webserver directory.
|
CWE-22
Path Traversal
|
CVE-2014-10073
|
2024-11-21 11:03 |
2018-04-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284279
|
7.5 |
HIGH
Network
|
qualcomm
|
mdm9625_firmware
sd_800_firmware
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9625 and SD 800, a fuse is not correctly blown on a secure device.
|
CWE-254
7PK - Security Features
|
CVE-2014-10063
|
2024-11-21 11:03 |
2018-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284280
|
9.8 |
CRITICAL
Network
|
qualcomm
|
mdm9615_firmware
mdm9625_firmware
sd_210_firmware
sd_212_firmware
sd_205_firmware
sd_400_firmware
sd_800_firmware
|
In Android before 2018-04-05 or earlier security patch level on Qualcomm Snapdragon Mobile MDM9615, MDM9625, SD 210/SD 212/SD 205, SD 400, and SD 800, improper access control on ATCMD service allows …
|
CWE-284
Improper Access Control
|
CVE-2014-10059
|
2024-11-21 11:03 |
2018-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
