|
285041
|
9.8 |
CRITICAL
Network
|
hawt redhat
|
hawtio jboss_fuse
|
The admin terminal in Hawt.io does not require authentication, which allows remote attackers to execute arbitrary commands via the k parameter.
|
CWE-287
Improper Authentication
|
CVE-2014-0121
|
2024-11-21 11:01 |
2017-12-30 |
|
285042
|
8.8 |
HIGH
Network
|
hawt redhat
|
hawtio jboss_fuse
|
Cross-site request forgery (CSRF) vulnerability in the admin terminal in Hawt.io allows remote attackers to hijack the authentication of arbitrary users for requests that run commands on the Karaf se…
|
CWE-352
Origin Validation Error
|
CVE-2014-0120
|
2024-11-21 11:01 |
2017-12-30 |
|
285043
|
5.5 |
MEDIUM
Local
|
apache
|
karaf
|
Apache Karaf before 4.0.10 enables a shutdown port on the loopback interface, which allows local users to cause a denial of service (shutdown) by sending a shutdown command to all listening high port…
|
CWE-20
Improper Input Validation
|
CVE-2014-0219
|
2024-11-21 11:01 |
2017-11-16 |
|
285044
|
9.8 |
CRITICAL
Network
|
apache
|
cordova_in-app-browser cordova
|
The CDVInAppBrowser class in the Apache Cordova In-App-Browser standalone plugin (org.apache.cordova.inappbrowser) before 0.3.2 for iOS and the In-App-Browser plugin for iOS from Cordova 2.6.0 throug…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0073
|
2024-11-21 11:01 |
2017-10-31 |
|
285045
|
7.5 |
HIGH
Network
|
apache
|
cordova_file_transfer cordova
|
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9…
|
CWE-20
Improper Input Validation
|
CVE-2014-0072
|
2024-11-21 11:01 |
2017-10-31 |
|
285046
|
7.5 |
HIGH
Network
|
apache
|
storm
|
Directory traversal vulnerability in the log viewer in Apache Storm 0.9.0.1 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter to log.
|
CWE-22
Path Traversal
|
CVE-2014-0115
|
2024-11-21 11:01 |
2017-10-31 |
|
285047
|
5.4 |
MEDIUM
Network
|
theforeman
|
foreman
|
Cross-site scripting (XSS) vulnerability in the search auto-completion functionality in Foreman before 1.4.4 allows remote authenticated users to inject arbitrary web script or HTML via a crafted key…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0208
|
2024-11-21 11:01 |
2017-10-17 |
|
285048
|
6.1 |
MEDIUM
Network
|
redhat
|
subscription_asset_manager
|
Multiple cross-site scripting (XSS) vulnerabilities in the SAM web application in Red Hat katello-headpin allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2014-0029
|
2024-11-21 11:01 |
2017-10-16 |
|
285049
|
9.8 |
CRITICAL
Network
|
apache
|
roller
|
The XML-RPC protocol support in Apache Roller before 5.0.3 allows attackers to conduct XML External Entity (XXE) attacks via unspecified vectors.
|
CWE-611
XXE
|
CVE-2014-0030
|
2024-11-21 11:01 |
2017-10-10 |
|
285050
|
7.8 |
HIGH
Local
|
docker
|
docker
|
Docker before 1.5 allows local users to have unspecified impact via vectors involving unsafe /tmp usage.
|
NVD-CWE-noinfo
|
CVE-2014-0047
|
2024-11-21 11:01 |
2017-10-07 |
|