|
285391
|
7.5 |
HIGH
Network
|
wp-db-backup_project
|
wp-db-backup
|
The wp-db-backup plugin 2.2.4 for WordPress relies on a five-character string for access control, which makes it easier for remote attackers to read backup archives via a brute-force attack.
|
CWE-200
Information Exposure
|
CVE-2014-10076
|
2024-11-21 11:03 |
2018-10-5 |
|
285392
|
9.8 |
CRITICAL
Network
|
karo_project
|
karo
|
The karo gem 2.3.8 for Ruby allows remote command injection via the host field.
|
CWE-77
Command Injection
|
CVE-2014-10075
|
2024-11-21 11:03 |
2018-10-5 |
|
285393
|
9.8 |
CRITICAL
Network
|
umbraco
|
umbraco_cms
|
Umbraco before 7.2.0 has a remote PHP code execution vulnerability because Umbraco.Web.UI/config/umbracoSettings.Release.config does not block the upload of .php files.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2014-10074
|
2024-11-21 11:03 |
2018-08-27 |
|
285394
|
7.5 |
HIGH
Network
|
fancy-server_project
|
fancy-server
|
Versions less than 0.1.4 of the static file server module fancy-server are vulnerable to directory traversal. An attacker can provide input such as `../` to read files outside of the served directory.
|
CWE-22
Path Traversal
|
CVE-2014-10066
|
2024-11-21 11:03 |
2018-06-1 |
|
285395
|
6.1 |
MEDIUM
Network
|
remarkable_project
|
remarkable
|
Certain input, when passed into remarkable before 1.4.1, bypasses the bad protocol check that disallows the javascript: scheme, allowing javascript: URLs to be injected into the rendered content.
|
CWE-79
Cross-site Scripting
|
CVE-2014-10065
|
2024-11-21 11:03 |
2018-06-1 |
|
285396
|
7.5 |
HIGH
Network
|
qs_project
|
qs
|
The qs module before 1.0.0 does not have an option or default for specifying object depth and when parsing a string representing a deeply nested object will block the event loop for long periods of t…
|
CWE-399
Resource Management Errors
|
CVE-2014-10064
|
2024-11-21 11:03 |
2018-06-1 |
|
285397
|
7.5 |
HIGH
Network
|
hapi
|
inert
|
The inert directory handler in inert node module before 1.1.1 always allows files in hidden directories to be served, even when `showHidden` is false.
|
CWE-22
Path Traversal
|
CVE-2014-10068
|
2024-11-21 11:03 |
2018-05-30 |
|
285398
|
5.9 |
MEDIUM
Network
|
paypal-ipn_project
|
paypal-ipn
|
paypal-ipn before 3.0.0 uses the `test_ipn` parameter (which is set by the PayPal IPN simulator) to determine if it should use the production PayPal site or the sandbox. With a bit of time, an attack…
|
CWE-287
Improper Authentication
|
CVE-2014-10067
|
2024-11-21 11:03 |
2018-05-30 |
|
285399
|
7.1 |
HIGH
Network
|
ibm
|
rational_clearquest
|
Multiple XML external entity (XXE) vulnerabilities in (1) CQWeb / CM Server, (2) ClearQuest Native client, (3) ClearQuest Eclipse client, and (4) ClearQuest Eclipse Designer components in IBM Rationa…
|
CWE-611
XXE
|
CVE-2014-0950
|
2024-11-21 11:03 |
2018-04-21 |
|
285400
|
9.1 |
CRITICAL
Network
|
ibm
|
rational_clearcase
|
Multiple XML external entity (XXE) vulnerabilities in the (1) CCRC WAN Server / CM Server, (2) Perl CC/CQ integration trigger scripts, (3) CMAPI Java interface, (4) ClearCase remote client, and (5) C…
|
CWE-611
XXE
|
CVE-2014-0931
|
2024-11-21 11:03 |
2018-04-21 |
|