|
283901
|
- |
|
prosody
|
prosody
|
Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream,…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2745
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283902
|
- |
|
lightwitch
prosody
|
metronome
prosody
|
plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cau…
|
CWE-20
Improper Input Validation
|
CVE-2014-2744
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283903
|
- |
|
lightwitch
|
metronome
|
plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resou…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2743
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283904
|
- |
|
isode
|
m-link
|
Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP s…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2742
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283905
|
- |
|
igniterealtime
|
openfire
|
nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2741
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283906
|
- |
|
sap
|
business_object_processing_framework_for_abap
|
SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-2752
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283907
|
- |
|
sap
|
print_and_output_management
|
SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-2751
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283908
|
- |
|
sap
|
hana
|
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.
|
CWE-200
Information Exposure
|
CVE-2014-2749
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283909
|
- |
|
sap
|
enhancement_package
|
The Security Audit Log facility in SAP Enhancement Package (EHP) 6 for SAP ERP 6.0 allows remote attackers to modify or delete arbitrary log classes via unspecified vectors. NOTE: some of these deta…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2748
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283910
|
- |
|
cacti
|
cacti
|
Multiple SQL injection vulnerabilities in graph_xport.php in Cacti 0.8.7g, 0.8.8b, and earlier allow remote attackers to execute arbitrary SQL commands via the (1) graph_start, (2) graph_end, (3) gra…
|
CWE-89
SQL Injection
|
CVE-2014-2708
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
