|
286691
|
- |
|
apache
|
shiro
|
Apache Shiro 1.x before 1.2.3, when using an LDAP server with unauthenticated bind enabled, allows remote attackers to bypass authentication via an empty (1) username or (2) password.
|
CWE-287
Improper Authentication
|
CVE-2014-0074
|
2024-11-21 11:01 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286692
|
- |
|
redhat
jboss
|
jboss_data_virtualization
teiid
|
Teiid before 8.4.3 and before 8.7 and Red Hat JBoss Data Virtualization 6.0.0 before patch 3 allows remote attackers to read arbitrary files via a crafted request to a REST endpoint, related to an XM…
|
NVD-CWE-Other
|
CVE-2014-0170
|
2024-11-21 11:01 |
2014-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286693
|
- |
|
linux
|
linux_kernel
|
The futex_wait function in kernel/futex.c in the Linux kernel before 2.6.37 does not properly maintain a certain reference count during requeue operations, which allows local users to cause a denial …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0205
|
2024-11-21 11:01 |
2014-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286694
|
- |
|
fortinet
|
fortios
|
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.x before 5.0.8 on FortiGate devices does not prevent use of anonymous ciphersuites, which makes it easier for man-in-the-midd…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0351
|
2024-11-21 11:01 |
2014-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286695
|
- |
|
ovirt
|
ovirt
|
The REST API in oVirt 3.4.0 and earlier stores session IDs in HTML5 local storage, which allows remote attackers to obtain sensitive information via a crafted web page.
|
CWE-200
Information Exposure
|
CVE-2014-0153
|
2024-11-21 11:01 |
2014-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286696
|
- |
|
ovirt
redhat
|
ovirt
ovirt-engine
|
Session fixation vulnerability in the web admin interface in oVirt 3.4.0 and earlier allows remote attackers to hijack web sessions via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2014-0152
|
2024-11-21 11:01 |
2014-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286697
|
- |
|
apache
|
ofbiz
|
Multiple cross-site scripting (XSS) vulnerabilities in framework/common/webcommon/includes/messages.ftl in Apache OFBiz 11.04.01 before 11.04.05 and 12.04.01 before 12.04.04 allow remote attackers to…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0232
|
2024-11-21 11:01 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286698
|
- |
|
iridium
|
open_port
pilot_below_deck_equipment
|
The Terminal Upgrade Tool in the Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allows remote attackers to execute arbitrary code by uploading new firmwa…
|
NVD-CWE-Other
|
CVE-2014-0327
|
2024-11-21 11:01 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286699
|
- |
|
iridium
|
open_port
pilot_below_deck_equipment
|
The Pilot Below Deck Equipment (BDE) and OpenPort implementations on Iridium satellite terminals allow remote attackers to read hardcoded credentials via the web interface.
|
NVD-CWE-Other
|
CVE-2014-0326
|
2024-11-21 11:01 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286700
|
- |
|
cobham
|
ailor_6110_mini-c_gmdss
sailor_6006_message_terminal
sailor_6222_vhf
sailor_6300_mf_\/_hf
|
The thraneLINK protocol implementation on Cobham devices does not verify firmware signatures, which allows attackers to execute arbitrary code by leveraging physical access or terminal access to send…
|
NVD-CWE-Other
|
CVE-2014-0328
|
2024-11-21 11:01 |
2014-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
