|
279061
|
6.5 |
MEDIUM
Network
|
imagemagick
debian
|
imagemagick
debian_linux
|
imagemagick 6.8.9.6 has remote DOS via infinite loop
|
CWE-835
Loop with Unreachable Exit Condition ('Infinite Loop')
|
CVE-2014-8561
|
2024-11-21 11:19 |
2019-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279062
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-815_firmware
|
The remote administration interface in D-Link DIR-815 devices with firmware before 2.03.B02 allows remote attackers to execute arbitrary commands via vectors related to an "HTTP command injection iss…
|
CWE-77
Command Injection
|
CVE-2014-8888
|
2024-11-21 11:19 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279063
|
8.1 |
HIGH
Network
|
unify
|
openstage_sip
openscape_desk_phone_ip_sip
|
The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes…
|
CWE-331
Insufficient Entropy
|
CVE-2014-8422
|
2024-11-21 11:19 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279064
|
7.5 |
HIGH
Network
|
unify
|
openstage_sip
openscape_desk_phone_ip_sip
|
Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1)…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8421
|
2024-11-21 11:19 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279065
|
5.4 |
MEDIUM
Network
|
jease
|
jease
|
Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note.
|
CWE-79
Cross-site Scripting
|
CVE-2014-8780
|
2024-11-21 11:19 |
2018-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279066
|
9.8 |
CRITICAL
Network
|
trendnet
|
tew-823dru_firmware
|
TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2014-8579
|
2024-11-21 11:19 |
2018-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279067
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8540
|
2024-11-21 11:19 |
2018-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279068
|
9.8 |
CRITICAL
Network
|
airlive
|
bu-3026_firmware
md-3025_firmware
wl-2000cam_firmware
poe-200cam_v2_firmware
bu-2015_firmware
|
cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with…
|
CWE-78
OS Command
|
CVE-2014-8389
|
2024-11-21 11:19 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279069
|
5.3 |
MEDIUM
Network
|
codeasily
|
grand_flagallery
|
The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-albu…
|
CWE-200
Information Exposure
|
CVE-2014-8491
|
2024-11-21 11:19 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279070
|
9.8 |
CRITICAL
Network
|
store_locator_project
|
store_locator
|
SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php.
|
CWE-89
SQL Injection
|
CVE-2014-8621
|
2024-11-21 11:19 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
