|
281511
|
- |
|
modx
|
modx_revolution
|
Cross-site scripting (XSS) vulnerability in manager/templates/default/header.tpl in MODX Revolution 2.3.1-pl and earlier allows remote attackers to inject arbitrary web script or HTML via the "a" par…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5451
|
2024-11-21 11:12 |
2014-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281512
|
- |
|
meinberg
|
ntp_server_firmware
lantime_m100
lantime_m200
lantime_m300
lantime_m3000
lantime_m400
lantime_m600
lantime_m900
|
Cross-site scripting (XSS) vulnerability in Meinberg NTP Server firmware on LANTIME M-Series devices 6.15.019 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecifie…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5417
|
2024-11-21 11:12 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281513
|
- |
|
pro_softnet_corporation
|
ibackup
|
iBackup 10.0.0.32 and earlier uses weak permissions (Everyone: Full Control) for ib_service.exe, which allows local users to gain privileges via a Trojan horse file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5507
|
2024-11-21 11:12 |
2014-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281514
|
- |
|
xrms_crm_project
|
xrms_crm
|
SQL injection vulnerability in XRMS CRM, possibly 1.99.2, allows remote attackers to execute arbitrary SQL commands via the user_id parameter to plugins/webform/new-form.php, which is not properly ha…
|
CWE-89
SQL Injection
|
CVE-2014-5520
|
2024-11-21 11:12 |
2014-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281515
|
- |
|
zarafa
|
webapp
webaccess
|
Zarafa WebAccess 4.1 and WebApp uses world-readable permissions for the files in their tmp directory, which allows local users to obtain sensitive information by reading temporary session data.
|
CWE-200
Information Exposure
|
CVE-2014-5449
|
2024-11-21 11:12 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281516
|
- |
|
zarafa
|
zarafa
|
Zarafa 5.00 uses world-readable permissions for the files in the log directory, which allows local users to obtain sensitive information by reading the log files.
|
CWE-200
Information Exposure
|
CVE-2014-5448
|
2024-11-21 11:12 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281517
|
- |
|
zarafa
|
webapp
zarafa
|
Zarafa WebAccess 7.1.10 and WebApp 1.6 beta uses weak permissions (644) for config.php, which allows local users to obtain sensitive information by reading the PHP session files. NOTE: this vulnerab…
|
CWE-200
Information Exposure
|
CVE-2014-5447
|
2024-11-21 11:12 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281518
|
- |
|
ioserver
|
ioserver
|
IOServer before Beta2112.exe allows remote attackers to cause a denial of service (out-of-bounds read and master entry consumption) via a null DNP3 header.
|
CWE-399
Resource Management Errors
|
CVE-2014-5425
|
2024-11-21 11:12 |
2014-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281519
|
- |
|
carefusion
|
pyxis_supplystation
|
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 allows local users to obtain potentially sensitive information by reading a temporary (1) debugging file or (2) developer file.
|
CWE-255
Credentials Management
|
CVE-2014-5423
|
2024-11-21 11:12 |
2014-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281520
|
- |
|
carefusion
|
pyxis_supplystation
|
CareFusion Pyxis SupplyStation 8.1 with hardware test tool before 1.0.16 has a hardcoded service password, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-5422
|
2024-11-21 11:12 |
2014-10-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
