|
285831
|
- |
|
cisco
|
secure_access_control_system
|
Open redirect vulnerability in the web interface in Cisco Secure Access Control System (ACS) allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspe…
|
NVD-CWE-Other
|
CVE-2014-8029
|
2024-11-21 11:18 |
2015-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285832
|
- |
|
cisco
|
secure_access_control_system
|
Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified para…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8028
|
2024-11-21 11:18 |
2015-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285833
|
- |
|
cisco
|
secure_access_control_system
|
The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8027
|
2024-11-21 11:18 |
2015-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285834
|
- |
|
redhat
|
libvirt
|
The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated us…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8131
|
2024-11-21 11:18 |
2015-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285835
|
- |
|
osclass
|
osclass
|
Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code b…
|
NVD-CWE-Other
|
CVE-2014-8085
|
2024-11-21 11:18 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285836
|
- |
|
osclass
|
osclass
|
Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the aja…
|
CWE-22
Path Traversal
|
CVE-2014-8084
|
2024-11-21 11:18 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285837
|
- |
|
osclass
|
osclass
|
SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription…
|
CWE-89
SQL Injection
|
CVE-2014-8083
|
2024-11-21 11:18 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285838
|
- |
|
sound_exchange_project
debian
oracle
|
sound_exchange
debian_linux
solaris
|
Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock fu…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-8145
|
2024-11-21 11:18 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285839
|
- |
|
doorkeeper_project
|
doorkeeper
|
Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorizatio…
|
CWE-352
Origin Validation Error
|
CVE-2014-8144
|
2024-11-21 11:18 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285840
|
- |
|
apache
canonical
fedoraproject
oracle
|
http_server
ubuntu_linux
fedora
enterprise_manager_ops_center
|
mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different ar…
|
CWE-863
Incorrect Authorization
|
CVE-2014-8109
|
2024-11-21 11:18 |
2014-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
