|
283421
|
5.9 |
MEDIUM
Network
|
ldaptive
|
ldaptive
vt-ldap
|
DefaultHostnameVerifier in Ldaptive (formerly vt-ldap) does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) field of the X.509 certificate, which …
|
CWE-295
Improper Certificate Validation
|
CVE-2014-3607
|
2024-11-21 11:08 |
2018-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283422
|
9.8 |
CRITICAL
Network
|
playframework
lightbend
|
play_framework
|
XML external entity (XXE) vulnerability in the Java XML processing functionality in Play before 2.2.6 and 2.3.x before 2.3.5 might allow remote attackers to read arbitrary files, cause a denial of se…
|
CWE-611
XXE
|
CVE-2014-3630
|
2024-11-21 11:08 |
2017-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283423
|
7.5 |
HIGH
Network
|
keycloak
|
keycloak
|
JBoss KeyCloak before 1.0.3.Final allows remote attackers to cause a denial of service (resource consumption) via a large value in the size parameter to auth/qrcode, related to QR code generation.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2014-3651
|
2024-11-21 11:08 |
2017-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283424
|
9.8 |
CRITICAL
Network
|
apache
|
traffic_server
|
Apache Traffic Server 5.1.x before 5.1.1 allows remote attackers to bypass access restrictions by leveraging failure to properly tunnel remap requests using CONNECT.
|
CWE-284
Improper Access Control
|
CVE-2014-3624
|
2024-11-21 11:08 |
2017-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283425
|
7.5 |
HIGH
Network
|
apache
|
wicket
|
Apache Wicket before 1.5.12, 6.x before 6.17.0, and 7.x before 7.0.0-M3 might allow remote attackers to obtain sensitive information via vectors involving identifiers for storing page markup for temp…
|
CWE-200
Information Exposure
|
CVE-2014-3526
|
2024-11-21 11:08 |
2017-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283426
|
9.8 |
CRITICAL
Network
|
apache
|
activemq
|
XML external entity (XXE) vulnerability in Apache ActiveMQ 5.x before 5.10.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML messag…
|
CWE-611
XXE
|
CVE-2014-3600
|
2024-11-21 11:08 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283427
|
9.8 |
CRITICAL
Network
|
apache
|
activemq_apollo
|
XML external entity (XXE) vulnerability in Apache ActiveMQ Apollo 1.x before 1.7.1 allows remote consumers to have unspecified impact via vectors involving an XPath based selector when dequeuing XML …
|
CWE-611
XXE
|
CVE-2014-3579
|
2024-11-21 11:08 |
2017-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283428
|
7.5 |
HIGH
Network
|
nodejs
|
node.js
|
Directory traversal vulnerability in the st module before 0.2.5 for Node.js allows remote attackers to read arbitrary files via a %2e%2e (encoded dot dot) in an unspecified path.
|
CWE-22
Path Traversal
|
CVE-2014-3744
|
2024-11-21 11:08 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283429
|
9.8 |
CRITICAL
Network
|
node-printer_project
|
node-printer
|
The printDirect function in lib/printer.js in the node-printer module 0.0.1 and earlier for Node.js allows remote attackers to execute arbitrary commands via unspecified characters in the lpr command.
|
CWE-77
Command Injection
|
CVE-2014-3741
|
2024-11-21 11:08 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283430
|
8.8 |
HIGH
Network
|
keycloak
|
keycloak
|
The org.keycloak.services.resources.SocialResource.callback method in JBoss KeyCloak before 1.0.3.Final allows remote attackers to conduct cross-site request forgery (CSRF) attacks by leveraging lack…
|
CWE-352
Origin Validation Error
|
CVE-2014-3709
|
2024-11-21 11:08 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
