|
284251
|
- |
|
cacti
fedoraproject
opensuse
debian
|
cacti
fedora
opensuse
debian_linux
|
lib/graph_export.php in Cacti 0.8.7g, 0.8.8b, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2014-2328
|
2024-11-21 11:06 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284252
|
- |
|
cacti
debian
opensuse
|
cacti
debian_linux
opensuse
|
Cross-site request forgery (CSRF) vulnerability in Cacti 0.8.7g, 0.8.8b, and earlier allows remote attackers to hijack the authentication of users for unspecified commands, as demonstrated by request…
|
CWE-352
Origin Validation Error
|
CVE-2014-2327
|
2024-11-21 11:06 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284253
|
- |
|
knowledgetree
|
knowledgetree
|
SQL injection vulnerability in the get_active_session function in the KTAPI_UserSession class in webservice/clienttools/services/mdownload.php in KnowledgeTree 3.7.0.2 and earlier allows remote attac…
|
CWE-89
SQL Injection
|
CVE-2014-2737
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284254
|
- |
|
papercut
|
papercut_ng
papercut_mf
|
Cross-site request forgery (CSRF) vulnerability in the admin UI in Papercut MF and NG before 14.1 (Build 26983) allows remote attackers to hijack the authentication of administrators via unspecified …
|
CWE-352
Origin Validation Error
|
CVE-2014-2659
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284255
|
- |
|
mobfox
|
madserve
|
Multiple SQL injection vulnerabilities in MobFox mAdserve 2.0 and earlier allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) edit_ad_unit.php, (2) view_adu…
|
CWE-89
SQL Injection
|
CVE-2014-2654
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284256
|
- |
|
winscp
|
winscp
|
WinSCP before 5.5.3, when FTP with TLS is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, whic…
|
CWE-20
Improper Input Validation
|
CVE-2014-2735
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284257
|
- |
|
asus
t-mobile
|
rt-ac66u_firmware
rt-ac68u_firmware
rt-n10e_firmware
rt-n14u_firmware
rt-n16_firmware
rt-n56u_firmware
rt-n65u_firmware
rt-n66u_firmware
rt-ac68u
tm-ac1900
|
Advanced_System_Content.asp in the ASUS RT series routers with firmware before 3.0.0.4.374.5517, when an administrator session is active, allows remote authenticated users to obtain the administrator…
|
CWE-200
Information Exposure
|
CVE-2014-2719
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284258
|
- |
|
cubecart
|
cubecart
|
Session fixation vulnerability in CubeCart before 5.2.9 allows remote attackers to hijack web sessions via the PHPSESSID parameter.
|
CWE-287
Improper Authentication
|
CVE-2014-2341
|
2024-11-21 11:06 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284259
|
- |
|
mediawiki
|
mediawiki
|
includes/specials/SpecialChangePassword.php in MediaWiki before 1.19.14, 1.20.x and 1.21.x before 1.21.8, and 1.22.x before 1.22.5 does not properly handle a correctly authenticated but unintended lo…
|
CWE-287
Improper Authentication
|
CVE-2014-2665
|
2024-11-21 11:06 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284260
|
- |
|
siemens
|
sinema_server
|
Siemens SINEMA Server before 12 SP1 allows remote attackers to cause a denial of service (web-interface outage) via crafted HTTP requests to port (1) 4999 or (2) 80.
|
CWE-20
Improper Input Validation
|
CVE-2014-2733
|
2024-11-21 11:06 |
2014-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
