|
285871
|
- |
|
crowbar
novell
|
barclamp
suse_cloud
|
Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass secur…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0592
|
2024-11-21 11:02 |
2014-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285872
|
- |
|
gnu
|
a2ps
|
The fixps script in a2ps 4.14 does not use the -dSAFER option when executing gs, which allows context-dependent attackers to delete arbitrary files or execute arbitrary commands via a crafted PostScr…
|
NVD-CWE-noinfo
|
CVE-2014-0466
|
2024-11-21 11:02 |
2014-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285873
|
- |
|
ibm
|
websphere_portal
|
Cross-site scripting (XSS) vulnerability in the WCM (Web Content Manager) UI in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF27, and 8.0.…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0828
|
2024-11-21 11:02 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285874
|
- |
|
emc
|
vplex_geosynchrony
|
Session fixation vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote attackers to hijack web sessions via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2014-0635
|
2024-11-21 11:02 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285875
|
- |
|
emc
|
vplex_geosynchrony
|
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sen…
|
CWE-20
Improper Input Validation
|
CVE-2014-0634
|
2024-11-21 11:02 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285876
|
- |
|
emc
|
vplex_geosynchrony
|
The GUI in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not properly validate session-timeout values, which might make it easier for remote attackers to execute arbitrary code by leveraging an …
|
CWE-20
Improper Input Validation
|
CVE-2014-0633
|
2024-11-21 11:02 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285877
|
- |
|
emc
|
vplex_geosynchrony
|
Directory traversal vulnerability in EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 allows remote authenticated users to execute arbitrary code via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2014-0632
|
2024-11-21 11:02 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285878
|
- |
|
ibm
|
storwize_v7000_software
storwize_v7000
flex_system_v7000_software
flex_system_v7000
storwize_v3700_software
storwize_v3700
storwize_v3500_software
storwize_v3500
san_volume_co…
|
IBM SAN Volume Controller; Storwize V3500, V3700, V5000, and V7000; and Flex System V7000 with software 6.3 and 6.4 before 6.4.1.8, and 7.1 and 7.2 before 7.2.0.3, allow remote attackers to obtain CL…
|
NVD-CWE-noinfo
|
CVE-2014-0880
|
2024-11-21 11:02 |
2014-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285879
|
- |
|
emc
|
rsa_authentication_manager
|
Cross-site scripting (XSS) vulnerability in the Self-Service Console in EMC RSA Authentication Manager 7.1 before SP4 P32 allows remote attackers to inject arbitrary web script or HTML via unspecifie…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0623
|
2024-11-21 11:02 |
2014-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285880
|
- |
|
adobe
|
acrobat_reader
|
Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0512
|
2024-11-21 11:02 |
2014-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
