|
281511
|
9.8 |
CRITICAL
Network
|
aztech
|
adsl_dsl5018en_\(1t1r\)_firmware
dsl705e_firmware
dsl705eu_firmware
|
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices improperly manage sessions, which allows remote attackers to bypass authentication in opportunistic circumstances and execute arbitrary com…
|
CWE-287
Improper Authentication
|
CVE-2014-6436
|
2024-11-21 11:14 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281512
|
7.5 |
HIGH
Network
|
aztech
|
adsl_dsl5018en_\(1t1r\)_firmware
dsl705e_firmware
dsl705eu_firmware
|
cgi-bin/AZ_Retrain.cgi in Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices does not check for authentication, which allows remote attackers to cause a denial of service (WAN connectivity r…
|
CWE-287
Improper Authentication
|
CVE-2014-6435
|
2024-11-21 11:14 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281513
|
7.5 |
HIGH
Network
|
ruby-lang
|
ruby
|
The URI.decode_www_form_component method in Ruby before 1.9.2-p330 allows remote attackers to cause a denial of service (catastrophic regular expression backtracking, resource consumption, or applica…
|
CWE-399
Resource Management Errors
|
CVE-2014-6438
|
2024-11-21 11:14 |
2017-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281514
|
6.1 |
MEDIUM
Network
|
openjsf
|
express
|
The Express web framework before 3.11 and 4.x before 4.5 for Node.js does not provide a charset field in HTTP Content-Type headers in 400 level responses, which might allow remote attackers to conduc…
|
CWE-79
Cross-site Scripting
|
CVE-2014-6393
|
2024-11-21 11:14 |
2017-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281515
|
7.5 |
HIGH
Network
|
microsoft
|
internet_explorer
|
Internet Explorer 6, Internet Explorer 7, Internet Explorer 8, Internet Explorer 9, Internet Explorer 10, and Internet Explorer 11 allows remote attackers to execute arbitrary code.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-6354
|
2024-11-21 11:14 |
2017-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281516
|
9.8 |
CRITICAL
Network
|
videolan
|
vlc
|
VideoLAN VLC media player before 2.1.5 allows remote attackers to execute arbitrary code or cause a denial of service.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-6440
|
2024-11-21 11:14 |
2017-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281517
|
4.3 |
MEDIUM
Network
|
roundup-tracker
debian
|
roundup
debian_linux
|
schema.py in Roundup before 1.5.1 does not properly limit attributes included in default user permissions, which might allow remote authenticated users to obtain sensitive user information by viewing…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-6276
|
2024-11-21 11:14 |
2016-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281518
|
6.1 |
MEDIUM
Network
|
titan_framework_project
|
titan_framework
|
Multiple cross-site scripting (XSS) vulnerabilities in the Titan Framework plugin before 1.6 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) t parameter to ifr…
|
CWE-79
Cross-site Scripting
|
CVE-2014-6444
|
2024-11-21 11:14 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281519
|
- |
|
juniper
|
junos
|
J-Web in Juniper vSRX virtual firewalls with Junos OS before 15.1X49-D20 allows remote attackers to cause a denial of service (system reboot) via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2014-6451
|
2024-11-21 11:14 |
2015-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281520
|
- |
|
juniper
|
junos
|
Juniper Junos OS before 11.4R12-S4, 12.1X44 before 12.1X44-D41, 12.1X46 before 12.1X46-D26, 12.1X47 before 12.1X47-D11/D15, 12.2 before 12.2R9, 12.2X50 before 12.2X50-D70, 12.3 before 12.3R8, 12.3X48…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-6450
|
2024-11-21 11:14 |
2015-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
