|
285761
|
- |
|
redhat
|
uberfire
|
The UberFire Framework 0.3.x does not properly restrict paths, which allows remote attackers to (1) execute arbitrary code by uploading crafted content to FileUploadServlet or (2) read arbitrary file…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8114
|
2024-11-21 11:18 |
2015-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285762
|
- |
|
powerpc-utils_project
|
powerpc-utils
|
scripts/amsvis/powerpcAMS/amsnet.py in powerpc-utils-python uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object.
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2014-8165
|
2024-11-21 11:18 |
2015-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285763
|
- |
|
cisco
|
adaptive_security_appliance_software
|
Cisco Adaptive Security Appliance (ASA) Software 9.2(.3) and earlier, when challenge-response authentication is used, does not properly select tunnel groups, which allows remote authenticated users t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8023
|
2024-11-21 11:18 |
2015-02-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285764
|
- |
|
hp
|
universal_configuration_management_database
|
HP Universal CMDB (UCMDB) Probe 9.05, 10.01, and 10.11 enables the HTTP TRACE method, which allows remote attackers to obtain sensitive information by reading the headers of a response.
|
CWE-200
Information Exposure
|
CVE-2014-7883
|
2024-11-21 11:18 |
2015-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285765
|
- |
|
redhat
|
jboss_weld
|
Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state.
|
CWE-362
Race Condition
|
CVE-2014-8122
|
2024-11-21 11:18 |
2015-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285766
|
- |
|
redhat
|
jboss_operations_network
jboss_enterprise_application_platform
|
The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to t…
|
CWE-200
Information Exposure
|
CVE-2014-7853
|
2024-11-21 11:18 |
2015-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285767
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authentic…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7849
|
2024-11-21 11:18 |
2015-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285768
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7827
|
2024-11-21 11:18 |
2015-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285769
|
- |
|
advantech
|
eki-1200_gateway_series_firmware
|
Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-8385
|
2024-11-21 11:18 |
2015-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285770
|
- |
|
apache
|
activemq
|
Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unsp…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8110
|
2024-11-21 11:18 |
2015-02-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
