|
285131
|
- |
|
mantisbt
|
mantisbt
|
MantisBT before 1.2.18 uses the public_key parameter value as the key to the CAPTCHA answer, which allows remote attackers to bypass the CAPTCHA protection mechanism by leveraging knowledge of a CAPT…
|
CWE-284
Improper Access Control
|
CVE-2014-9117
|
2024-11-21 11:20 |
2014-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285132
|
- |
|
openbsd
|
openssh
|
The OpenSSH server, as used in Fedora and Red Hat Enterprise Linux 7 and when running in a Kerberos environment, allows remote authenticated users to log in as another user when they are listed in th…
|
CWE-287
Improper Authentication
|
CVE-2014-9278
|
2024-11-21 11:20 |
2014-12-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285133
|
- |
|
jrss_widget_project
|
jrss_widget
|
Server-side request forgery (SSRF) vulnerability in proxy.php in the jRSS Widget plugin 1.2 and earlier for WordPress allows remote attackers to trigger outbound requests and enumerate open ports via…
|
NVD-CWE-Other
|
CVE-2014-9292
|
2024-11-21 11:20 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285134
|
- |
|
redhat
|
tcpdump
|
Buffer overflow in the ppp_hdlc function in print-ppp.c in tcpdump 4.6.2 and earlier allows remote attackers to cause a denial of service (crash) cia a crafted PPP packet.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9140
|
2024-11-21 11:20 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285135
|
- |
|
debian
fedoraproject
lsyncd_project
|
debian_linux
fedora
lsyncd
|
default-rsyncssh.lua in Lsyncd 2.1.5 and earlier allows remote attackers to execute arbitrary commands via shell metacharacters in a filename.
|
CWE-77
Command Injection
|
CVE-2014-8990
|
2024-11-21 11:20 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285136
|
- |
|
pbboard
|
pbboard
|
SQL injection vulnerability in the CheckEmail function in includes/functions.class.php in PBBoard 3.0.1 before 20141128 allows remote attackers to execute arbitrary SQL commands via the email paramet…
|
CWE-89
SQL Injection
|
CVE-2014-9215
|
2024-11-21 11:20 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285137
|
- |
|
altitude
|
altitude_unified_customer_interaction
|
Multiple cross-site scripting (XSS) vulnerabilities in Altitude uAgent in Altitude uCI (Unified Customer Interaction) 7.5 allow remote attackers to inject arbitrary web script or HTML via (1) an emai…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9212
|
2024-11-21 11:20 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285138
|
- |
|
technicolor
|
td5130_router_firmware
|
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).
|
CWE-77
Command Injection
|
CVE-2014-9144
|
2024-11-21 11:20 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285139
|
- |
|
technicolor
|
td5130_router_firmware
|
Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failre…
|
CWE-17
Code
|
CVE-2014-9143
|
2024-11-21 11:20 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285140
|
- |
|
technicolor
|
td5130_router_firmware
|
Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9142
|
2024-11-21 11:20 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
