|
289901
|
- |
|
vmware
|
player
esxi
fusion
workstation
|
VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows gue…
|
NVD-CWE-Other
|
CVE-2014-3793
|
2024-11-21 11:08 |
2014-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289902
|
- |
|
citrix
|
vdi-in-a-box
|
Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.
|
CWE-287
Improper Authentication
|
CVE-2014-3780
|
2024-11-21 11:08 |
2014-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289903
|
- |
|
jasig
|
uportal
|
uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3417
|
2024-11-21 11:08 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289904
|
- |
|
jasig
|
uportal
|
uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-adm…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3416
|
2024-11-21 11:08 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289905
|
- |
|
sharetronix
|
sharetronix
|
SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group.
|
CWE-89
SQL Injection
|
CVE-2014-3415
|
2024-11-21 11:08 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289906
|
- |
|
sharetronix
|
sharetronix
|
Cross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a u…
|
CWE-352
Origin Validation Error
|
CVE-2014-3414
|
2024-11-21 11:08 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289907
|
- |
|
mayan-edms
|
mayan_edms
|
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3840
|
2024-11-21 11:08 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289908
|
- |
|
imember360
|
imember360
|
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Emai…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3849
|
2024-11-21 11:08 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289909
|
- |
|
imember360
|
imember360
|
The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3848
|
2024-11-21 11:08 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289910
|
- |
|
openstack
|
heat
|
OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider templ…
|
CWE-200
Information Exposure
|
CVE-2014-3801
|
2024-11-21 11:08 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
