|
285101
|
- |
|
redhat
|
cloudforms_3.0_management_engine
|
The (1) get and (2) log methods in the AgentController in Red Hat CloudForms 3.0 Management Engine (CFME) 5.x allow remote attackers to insert arbitrary text into log files via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2014-0136
|
2024-11-21 11:01 |
2014-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285102
|
- |
|
jolokia
|
jolokia
|
Cross-site request forgery (CSRF) vulnerability in Jolokia before 1.2.1 allows remote attackers to hijack the authentication of users for requests that execute MBeans methods via a crafted web page.
|
CWE-352
Origin Validation Error
|
CVE-2014-0168
|
2024-11-21 11:01 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285103
|
- |
|
redhat
|
cloudforms_3.0.5_management_engine
cloudforms_3.0.4_management_engine
cloudforms_3.0.3_management_engine
cloudforms_3.0.2_management_engine
cloudforms_3.0.1_management_engine
cloudform…
|
Red Hat CloudForms 3.1 Management Engine (CFME) before 5.3 allows remote authenticated users to access sensitive controllers and actions via a direct HTTP or HTTPS request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0140
|
2024-11-21 11:01 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285104
|
- |
|
apache
|
shiro
|
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
|
CWE-287
Improper Authentication
|
CVE-2014-0074
|
2024-11-21 11:01 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285105
|
- |
|
redhat
jboss
|
jboss_data_virtualization
teiid
|
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XM…
|
NVD-CWE-Other
|
CVE-2014-0170
|
2024-11-21 11:01 |
2014-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285106
|
- |
|
linux
|
linux_kernel
|
The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0205
|
2024-11-21 11:01 |
2014-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285107
|
- |
|
fortinet
|
fortios
|
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-midd…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0351
|
2024-11-21 11:01 |
2014-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285108
|
- |
|
ovirt
|
ovirt
|
The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.
|
CWE-200
Information Exposure
|
CVE-2014-0153
|
2024-11-21 11:01 |
2014-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285109
|
- |
|
ovirt
redhat
|
ovirt
ovirt-engine
|
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2014-0152
|
2024-11-21 11:01 |
2014-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285110
|
- |
|
apache
|
ofbiz
|
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0232
|
2024-11-21 11:01 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
