|
282091
|
- |
|
openstack
canonical
|
image_registry_and_delivery_service_\(glance\)
ubuntu_linux
|
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configurati…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5356
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282092
|
- |
|
openstack
canonical
|
keystone
ubuntu_linux
|
OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access …
|
CWE-255
Credentials Management
|
CVE-2014-5253
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282093
|
- |
|
openstack
canonical
|
keystone
ubuntu_linux
|
The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the tok…
|
CWE-255
Credentials Management
|
CVE-2014-5252
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282094
|
- |
|
openstack
canonical
|
keystone
ubuntu_linux
|
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for to…
|
CWE-255
Credentials Management
|
CVE-2014-5251
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282095
|
- |
|
php
|
php
|
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via …
|
CWE-20
Improper Input Validation
|
CVE-2014-5120
|
2024-11-21 11:11 |
2014-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282096
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attacke…
|
CWE-20
Improper Input Validation
|
CVE-2014-5243
|
2024-11-21 11:11 |
2014-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282097
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5242
|
2024-11-21 11:11 |
2014-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282098
|
- |
|
mediawiki
|
mediawiki
|
The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restr…
|
CWE-352
Origin Validation Error
|
CVE-2014-5241
|
2024-11-21 11:11 |
2014-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282099
|
- |
|
schrack
|
technik_microcontrol_firmware
technik_microcontrol
|
The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access …
|
NVD-CWE-Other
|
CVE-2014-5396
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282100
|
- |
|
wp_content_source_control_project
|
wp_content_source_control
|
Directory traversal vulnerability in the file_get_contents function in downloadfiles/download.php in the WP Content Source Control (wp-source-control) plugin 3.0.0 and earlier for WordPress allows re…
|
CWE-22
Path Traversal
|
CVE-2014-5368
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
