|
283741
|
6.1 |
MEDIUM
Network
|
canonical
|
metal_as_a_service
|
A vulnerability in the REST API of Ubuntu MAAS allows an attacker to cause a logged-in user to execute commands via cross-site scripting. This issue affects MAAS versions prior to 1.9.2.
|
CWE-79
Cross-site Scripting
|
CVE-2014-1427
|
2024-11-21 11:04 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283742
|
7.5 |
HIGH
Network
|
canonical
|
metal_as_a_service
|
A vulnerability in maasserver.api.get_file_by_name of Ubuntu MAAS allows unauthenticated network clients to download any file. This issue affects: Ubuntu MAAS versions prior to 1.9.2.
|
CWE-20
Improper Input Validation
|
CVE-2014-1426
|
2024-11-21 11:04 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283743
|
5.3 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
MediaWiki 1.18.0 allows remote attackers to obtain the installation path via vectors related to thumbnail creation.
|
CWE-200
Information Exposure
|
CVE-2014-1686
|
2024-11-21 11:04 |
2018-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283744
|
6.5 |
MEDIUM
Network
|
entity_api_project
fedoraproject
|
entity_api
fedora
|
The entity_access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions and read unpublished comments via unspec…
|
CWE-284
Improper Access Control
|
CVE-2014-1400
|
2024-11-21 11:04 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283745
|
6.5 |
MEDIUM
Network
|
entity_api_project
fedoraproject
|
entity_api
fedora
|
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on referenced entities via unspe…
|
CWE-284
Improper Access Control
|
CVE-2014-1399
|
2024-11-21 11:04 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283746
|
6.5 |
MEDIUM
Network
|
entity_api_project
fedoraproject
|
entity_api
fedora
|
The entity wrapper access API in the Entity API module 7.x-1.x before 7.x-1.3 for Drupal might allow remote authenticated users to bypass intended access restrictions on comment, user and node statis…
|
CWE-284
Improper Access Control
|
CVE-2014-1398
|
2024-11-21 11:04 |
2018-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283747
|
5.4 |
MEDIUM
Network
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in ownCloud before 6.0.1 allows remote authenticated users to inject arbitrary web script or HTML via the filename of an uploaded file.
|
CWE-79
Cross-site Scripting
|
CVE-2014-1665
|
2024-11-21 11:04 |
2018-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283748
|
8.8 |
HIGH
Network
|
openwebanalytics
|
open_web_analytics
|
Open Web Analytics (OWA) before 1.5.6 improperly generates random nonce values, which makes it easier for remote attackers to bypass a CSRF protection mechanism by leveraging knowledge of an OWA user…
|
CWE-352
Origin Validation Error
|
CVE-2014-1457
|
2024-11-21 11:04 |
2018-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283749
|
8.1 |
HIGH
Network
|
eventum_project
|
eventum
|
htdocs/setup/index.php in Eventum before 2.3.5 allows remote attackers to inject and execute arbitrary PHP code via the hostname parameter.
|
CWE-275
Permission Issues
|
CVE-2014-1632
|
2024-11-21 11:04 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283750
|
7.5 |
HIGH
Network
|
eventum_project
|
eventum
|
Eventum before 2.3.5 allows remote attackers to reinstall the application via direct request to /setup/index.php.
|
CWE-275
Permission Issues
|
CVE-2014-1631
|
2024-11-21 11:04 |
2018-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
