|
282551
|
- |
|
innovaphone
|
innovaphone_pbx
|
Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify con…
|
CWE-352
Origin Validation Error
|
CVE-2014-5335
|
2024-11-21 11:11 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282552
|
- |
|
openstack
canonical
|
image_registry_and_delivery_service_\(glance\)
ubuntu_linux
|
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configurati…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5356
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282553
|
- |
|
openstack
canonical
|
keystone
ubuntu_linux
|
OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access …
|
CWE-255
Credentials Management
|
CVE-2014-5253
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282554
|
- |
|
openstack
canonical
|
keystone
ubuntu_linux
|
The V3 API in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 updates the issued_at value for UUID v2 tokens, which allows remote authenticated users to bypass the tok…
|
CWE-255
Credentials Management
|
CVE-2014-5252
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282555
|
- |
|
openstack
canonical
|
keystone
ubuntu_linux
|
The MySQL token driver in OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 stores timestamps with the incorrect precision, which causes the expiration comparison for to…
|
CWE-255
Credentials Management
|
CVE-2014-5251
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282556
|
- |
|
php
|
php
|
gd_ctx.c in the GD component in PHP 5.4.x before 5.4.32 and 5.5.x before 5.5.16 does not ensure that pathnames lack %00 sequences, which might allow remote attackers to overwrite arbitrary files via …
|
CWE-20
Improper Input Validation
|
CVE-2014-5120
|
2024-11-21 11:11 |
2014-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282557
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 does not enforce an IFRAME protection mechanism for transcluded pages, which makes it easier for remote attacke…
|
CWE-20
Improper Input Validation
|
CVE-2014-5243
|
2024-11-21 11:11 |
2014-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282558
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in mediawiki.page.image.pagination.js in MediaWiki 1.22.x before 1.22.9 and 1.23.x before 1.23.2 allows remote attackers to inject arbitrary web script or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5242
|
2024-11-21 11:11 |
2014-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282559
|
- |
|
mediawiki
|
mediawiki
|
The JSONP endpoint in includes/api/ApiFormatJson.php in MediaWiki before 1.19.18, 1.20.x through 1.22.x before 1.22.9, and 1.23.x before 1.23.2 accepts certain long callback values and does not restr…
|
CWE-352
Origin Validation Error
|
CVE-2014-5241
|
2024-11-21 11:11 |
2014-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282560
|
- |
|
schrack
|
technik_microcontrol_firmware
technik_microcontrol
|
The web interface in Schrack Technik microControl with firmware before 1.7.0 (937) has a hardcoded password of not for the "user" account, which makes it easier for remote attackers to obtain access …
|
NVD-CWE-Other
|
CVE-2014-5396
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
