|
287031
|
5.9 |
MEDIUM
Network
|
fusionforge
debian
|
fusionforge
debian_linux
|
FusionForge before 5.3.2 use scripts that run under the shared Apache user, which is also used by project homepages by default. If project webpages are hosted on the same server than FusionForge, it …
|
CWE-200
Information Exposure
|
CVE-2014-6275
|
2024-11-21 11:14 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287032
|
6.1 |
MEDIUM
Network
|
livefyre
|
livecomments
|
Cross-site scripting (XSS) vulnerability in Livefyre LiveComments 3.0 allows remote attackers to inject arbitrary web script or HTML via the name of an uploaded picture.
|
CWE-79
Cross-site Scripting
|
CVE-2014-6420
|
2024-11-21 11:14 |
2019-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287033
|
9.8 |
CRITICAL
Network
|
vanderbilt
debian
|
adaptive_communication_environment
debian_linux
|
generate_doygen.pl in ace before 6.2.7+dfsg-2 creates predictable file names in the /tmp directory which allows attackers to gain elevated privileges.
|
CWE-330
Use of Insufficiently Random Values
|
CVE-2014-6311
|
2024-11-21 11:14 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287034
|
9.8 |
CRITICAL
Network
|
call-cc
debian
|
chicken
debian_linux
|
Buffer overflow in CHICKEN 4.9.0 and 4.9.0.1 may allow remote attackers to execute arbitrary code via the 'select' function.
|
CWE-120
Classic Buffer Overflow
|
CVE-2014-6310
|
2024-11-21 11:14 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287035
|
8.1 |
HIGH
Network
|
wordpress
|
wordpress
|
WordPress before 4.4 makes it easier for remote attackers to predict password-recovery tokens via a brute-force approach.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2014-6412
|
2024-11-21 11:14 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287036
|
8.8 |
HIGH
Network
|
tryton
|
tryton
|
The safe_eval function in trytond in Tryton before 2.4.15, 2.6.x before 2.6.14, 2.8.x before 2.8.11, 3.0.x before 3.0.7, and 3.2.x before 3.2.3 allows remote authenticated users to execute arbitrary …
|
CWE-77
Command Injection
|
CVE-2014-6633
|
2024-11-21 11:14 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287037
|
7.5 |
HIGH
Network
|
tenefit
|
kaazing_websocket_gateway
|
The HTTP and WebSocket engine components in the server in Kaazing Gateway 4.0.2, 4.0.3, and 4.0.4 and Gateway - JMS Edition 4.0.2, 4.0.3, and 4.0.4 allow remote attackers to obtain sensitive informat…
|
CWE-200
Information Exposure
|
CVE-2014-6309
|
2024-11-21 11:14 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287038
|
6.1 |
MEDIUM
Network
|
subscribe2_project
|
subscribe2
|
Cross-site scripting (XSS) vulnerability in class-s2-list-table.php in the Subscribe2 plugin before 10.16 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ip param…
|
CWE-79
Cross-site Scripting
|
CVE-2014-6604
|
2024-11-21 11:14 |
2018-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287039
|
9.8 |
CRITICAL
Network
|
industrial.softing
|
fg-100_pb_profibus_firmware
|
Softing FG-100 PB PROFIBUS firmware version FG-x00-PB_V2.02.0.00 contains a hardcoded password for the root account, which allows remote attackers to obtain administrative access via a TELNET session.
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2014-6617
|
2024-11-21 11:14 |
2018-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287040
|
9.8 |
CRITICAL
Network
|
aztech
|
adsl_dsl5018en_\(1t1r\)_firmware
dsl705e_firmware
dsl705eu_firmware
|
Aztech ADSL DSL5018EN (1T1R), DSL705E, and DSL705EU devices allow remote attackers to obtain sensitive device configuration information via vectors involving the ROM file.
|
CWE-200
Information Exposure
|
CVE-2014-6437
|
2024-11-21 11:14 |
2018-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
