|
283301
|
- |
|
xbmc
|
xbmc
|
XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3800
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283302
|
- |
|
teampass
|
teampass
|
Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3774
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283303
|
- |
|
teampass
|
teampass
|
Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_passwor…
|
CWE-89
SQL Injection
|
CVE-2014-3773
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283304
|
- |
|
teampass
|
teampass
|
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via a request to index.php followed by a direct request to a file that calls the session_start function before checking th…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3772
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283305
|
- |
|
teampass
|
teampass
|
TeamPass before 2.1.20 allows remote attackers to bypass access restrictions via the language file path in a (1) request to index.php or (2) "change_user_language" request to sources/main.queries.php.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3771
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283306
|
- |
|
openstack
|
nova
|
api/metadata/handler.py in OpenStack Compute (Nova) before 2013.2.4, 2014.x before 2014.1.2, and Juno before Juno-2, when proxying metadata requests through Neutron, makes it easier for remote attack…
|
CWE-200
Information Exposure
|
CVE-2014-3517
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283307
|
- |
|
solarwinds
|
network_configuration_manager
|
Heap-based buffer overflow in SolarWinds Network Configuration Manager (NCM) before 7.3 allows remote attackers to execute arbitrary code via the PEstrarg1 property.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3459
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283308
|
- |
|
opensuse
ipython
mageia
|
opensuse
ipython_notebook
mageia
|
IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote attackers to execute arbitrary code by leveraging knowledge of the kernel id and a…
|
CWE-94
Code Injection
|
CVE-2014-3429
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283309
|
- |
|
redhat
|
enterprise_virtualization
|
The oVirt storage backend in Red Hat Enterprise Virtualization 3.4 does not wipe memory snapshots when deleting a VM, even when wipe-after-delete (WAD) is configured for the VM's disk, which allows r…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3559
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283310
|
- |
|
symantec
|
endpoint_protection
|
Buffer overflow in the sysplant driver in Symantec Endpoint Protection (SEP) Client 11.x and 12.x before 12.1 RU4 MP1b, and Small Business Edition before SEP 12.1, allows local users to execute arbit…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3434
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
