|
282941
|
8.1 |
HIGH
Network
|
unify
|
openstage_sip
openscape_desk_phone_ip_sip
|
The web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 generates session cookies with insufficient entropy, which makes…
|
CWE-331
Insufficient Entropy
|
CVE-2014-8422
|
2024-11-21 11:19 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282942
|
7.5 |
HIGH
Network
|
unify
|
openstage_sip
openscape_desk_phone_ip_sip
|
Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allow remote attackers to gain super-user privileges by leveraging SSH access and incorrect ownership of (1)…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8421
|
2024-11-21 11:19 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282943
|
5.4 |
MEDIUM
Network
|
jease
|
jease
|
Cross-site scripting (XSS) vulnerability in Jease 2.11 allows remote authenticated users to inject arbitrary web script or HTML via a content section note.
|
CWE-79
Cross-site Scripting
|
CVE-2014-8780
|
2024-11-21 11:19 |
2018-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282944
|
9.8 |
CRITICAL
Network
|
trendnet
|
tew-823dru_firmware
|
TRENDnet TEW-823DRU devices with firmware before 1.00b36 have a hardcoded password of kcodeskcodes for the root account, which makes it easier for remote attackers to obtain access via an FTP session.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2014-8579
|
2024-11-21 11:19 |
2018-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282945
|
6.5 |
MEDIUM
Network
|
gitlab
|
gitlab
|
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8540
|
2024-11-21 11:19 |
2018-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282946
|
9.8 |
CRITICAL
Network
|
airlive
|
bu-3026_firmware
md-3025_firmware
wl-2000cam_firmware
poe-200cam_v2_firmware
bu-2015_firmware
|
cgi-bin/mft/wireless_mft.cgi in AirLive BU-2015 with firmware 1.03.18 16.06.2014, AirLive BU-3026 with firmware 1.43 21.08.2014, AirLive MD-3025 with firmware 1.81 21.08.2014, AirLive WL-2000CAM with…
|
CWE-78
OS Command
|
CVE-2014-8389
|
2024-11-21 11:19 |
2017-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282947
|
5.3 |
MEDIUM
Network
|
codeasily
|
grand_flagallery
|
The Grand Flagallery plugin before 4.25 for WordPress allows remote attackers to obtain the installation path via a request to (1) flagallery-skins/banner_widget_default/gallery.php or (2) flash-albu…
|
CWE-200
Information Exposure
|
CVE-2014-8491
|
2024-11-21 11:19 |
2017-10-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282948
|
9.8 |
CRITICAL
Network
|
store_locator_project
|
store_locator
|
SQL injection vulnerability in the Store Locator plugin 2.3 through 3.11 for WordPress allows remote attackers to execute arbitrary SQL commands via the sl_custom_field parameter to sl-xml.php.
|
CWE-89
SQL Injection
|
CVE-2014-8621
|
2024-11-21 11:19 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282949
|
6.1 |
MEDIUM
Network
|
tech-banker
|
gallery_bank
|
Cross-site scripting (XSS) vulnerability in Best Gallery Albums Plugin before 3.0.70for WordPress allows remote attackers to inject arbitrary web script or HTML via the order_id parameter in the gall…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8758
|
2024-11-21 11:19 |
2017-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282950
|
6.1 |
MEDIUM
Network
|
cozmoslabs
|
profile_builder
|
Multiple cross-site scripting (XSS) vulnerabilities in assets/misc/fallback-page.php in the Profile Builder plugin before 2.0.3 for WordPress allow remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2014-8492
|
2024-11-21 11:19 |
2017-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
