|
284241
|
- |
|
xcloner
|
xcloner
|
Multiple cross-site request forgery (CSRF) vulnerabilities in XCloner Standalone 3.5 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) change the…
|
CWE-352
Origin Validation Error
|
CVE-2014-2579
|
2024-11-21 11:06 |
2014-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284242
|
- |
|
ektron
|
ektron_content_management_system
|
Cross-site scripting (XSS) vulnerability in content.aspx in Ektron CMS 8.7 before 8.7.0.055 allows remote authenticated users to inject arbitrary web script or HTML via the category0 parameter, which…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2729
|
2024-11-21 11:06 |
2014-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284243
|
- |
|
ruby-lang
|
ruby
|
The openssl extension in Ruby 2.x does not properly maintain the state of process memory after a file is reopened, which allows remote attackers to spoof signatures within the context of a Ruby scrip…
|
CWE-399
Resource Management Errors
|
CVE-2014-2734
|
2024-11-21 11:06 |
2014-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284244
|
- |
|
hp
|
integrated_lights-out_2_firmware
|
The server in HP Integrated Lights-Out 2 (aka iLO 2) 2.23 and earlier allows remote attackers to cause a denial of service via crafted HTTPS traffic, as demonstrated by traffic from a CVE-2014-0160 v…
|
NVD-CWE-noinfo
|
CVE-2014-2601
|
2024-11-21 11:06 |
2014-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284245
|
- |
|
modx
|
modx_revolution
|
Multiple SQL injection vulnerabilities in MODX Revolution before 2.2.14 allow remote attackers to execute arbitrary SQL commands via the (1) session ID (PHPSESSID) to index.php or remote authenticate…
|
CWE-89
SQL Injection
|
CVE-2014-2736
|
2024-11-21 11:06 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284246
|
- |
|
open-xchange
|
open-xchange_appsuite
|
Cross-site scripting (XSS) vulnerability in Open-Xchange AppSuite 7.4.1 before 7.4.1-rev11 and 7.4.2 before 7.4.2-rev13 allows remote attackers to inject arbitrary web script or HTML via a Drive file…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2393
|
2024-11-21 11:06 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284247
|
- |
|
open-xchange
|
open-xchange_appsuite
|
The E-Mail autoconfiguration feature in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 places a password in a GET request, which allows remote attack…
|
CWE-200
Information Exposure
|
CVE-2014-2392
|
2024-11-21 11:06 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284248
|
- |
|
open-xchange
|
open-xchange_appsuite
|
The password recovery service in Open-Xchange AppSuite before 7.2.2-rev20, 7.4.1 before 7.4.1-rev11, and 7.4.2 before 7.4.2-rev13 makes an improper decision about the sensitivity of a string represen…
|
CWE-200
Information Exposure
|
CVE-2014-2391
|
2024-11-21 11:06 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284249
|
- |
|
cacti
debian
|
cacti
debian_linux
|
lib/rrd.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in unspecified parameters.
|
NVD-CWE-Other
|
CVE-2014-2709
|
2024-11-21 11:06 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284250
|
- |
|
opensuse
otrs
|
opensuse
otrs
|
OTRS 3.1.x before 3.1.21, 3.2.x before 3.2.16, and 3.3.x before 3.3.6 allows remote attackers to conduct clickjacking attacks via an IFRAME element.
|
CWE-20
Improper Input Validation
|
CVE-2014-2554
|
2024-11-21 11:06 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
