|
290351
|
- |
|
invensys
|
wonderware_information_server
|
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 uses weak encryption, which allows remote attackers to obtain sensitive information by reading a credential file.
|
NVD-CWE-Other
|
CVE-2014-2380
|
2024-11-21 11:06 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290352
|
- |
|
kdirstat_project
opensuse
|
kdirstat
opensuse
|
kcleanup.cpp in KDirStat 2.7.3 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a ' (single quote) character in the directory…
|
NVD-CWE-Other
|
CVE-2014-2528
|
2024-11-21 11:06 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290353
|
- |
|
kdirstat_project
opensuse
|
kdirstat
opensuse
|
kcleanup.cpp in KDirStat 2.7.0 does not properly quote strings when deleting a directory, which allows remote attackers to execute arbitrary commands via a " (double quote) character in the directory…
|
NVD-CWE-Other
|
CVE-2014-2527
|
2024-11-21 11:06 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290354
|
- |
|
hp
|
service_manager
|
Unspecified vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to bypass intended access restrictions, and modify data or cause a denial of servic…
|
NVD-CWE-noinfo
|
CVE-2014-2634
|
2024-11-21 11:06 |
2014-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290355
|
- |
|
hp
|
service_manager
|
Cross-site request forgery (CSRF) vulnerability in the server in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to hijack the authentication of unspecified victims via unkno…
|
CWE-352
Origin Validation Error
|
CVE-2014-2633
|
2024-11-21 11:06 |
2014-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290356
|
- |
|
hp
|
service_manager
|
Unspecified vulnerability in the WebTier component in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to execute arbitrary code via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2014-2632
|
2024-11-21 11:06 |
2014-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290357
|
- |
|
mageia
gnu
opensuse
fedoraproject
|
mageia
readline
opensuse
fedora
|
The _rl_tropen function in util.c in GNU readline before 6.3 patch 3 allows local users to create or overwrite arbitrary files via a symlink attack on a /var/tmp/rltrace.[PID] file.
|
CWE-59
Link Following
|
CVE-2014-2524
|
2024-11-21 11:06 |
2014-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290358
|
- |
|
emc
|
documentum_content_server
|
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07 allows remote authenticated users to read sensitive object metadata via an RPC command.
|
CWE-200
Information Exposure
|
CVE-2014-2521
|
2024-11-21 11:06 |
2014-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290359
|
- |
|
emc
|
documentum_content_server
|
EMC Documentum Content Server before 6.7 SP2 P16 and 7.x before 7.1 P07, when Oracle Database is used, does not properly restrict DQL hints, which allows remote authenticated users to conduct DQL inj…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2520
|
2024-11-21 11:06 |
2014-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290360
|
- |
|
emc
|
documentum_webtop
documentum_administrator
web_publishers
documentum_capital_projects
documentum_records_manager
documentum_wdk
digital_assets_manager
engineering_plant_facilitie…
|
Multiple cross-site request forgery (CSRF) vulnerabilities in EMC Documentum WDK before 6.7SP1 P28 and 6.7SP2 before P15 allow remote attackers to hijack the authentication of arbitrary users.
|
CWE-352
Origin Validation Error
|
CVE-2014-2518
|
2024-11-21 11:06 |
2014-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
