|
290021
|
- |
|
bestsoftinc
|
advance_hotel_booking_system
|
Cross-site scripting (XSS) vulnerability in booking_details.php in Best Soft Inc. (BSI) Advance Hotel Booking System 2.0 allows remote attackers to inject arbitrary web script or HTML via the title p…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4035
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290022
|
- |
|
aas9
|
zerocms
|
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
|
CWE-89
SQL Injection
|
CVE-2014-4034
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290023
|
- |
|
efrontlearning
|
efront
|
Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4033
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290024
|
- |
|
fiyo
|
fiyo_cms
|
Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field.
|
CWE-79
Cross-site Scripting
|
CVE-2014-4032
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290025
|
- |
|
daiki_ueno
|
libfep
|
libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which allows local users to gain privileges via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3980
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290026
|
- |
|
pulseaudio
|
pulseaudio
|
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an emp…
|
NVD-CWE-noinfo
|
CVE-2014-3970
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290027
|
- |
|
rocketsoftware
|
rocket_servergraph
|
The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (…
|
CWE-94
Code Injection
|
CVE-2014-3915
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290028
|
- |
|
samsung
|
ipolis_device_manager
|
Samsung iPOLiS Device Manager before 1.8.7 allow remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdva…
|
CWE-94
Code Injection
|
CVE-2014-3911
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290029
|
- |
|
conversionninja
|
conversion_ninja
|
Cross-site scripting (XSS) vulnerability in the Conversion Ninja plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-4017
|
2024-11-21 11:09 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290030
|
- |
|
freebsd
|
freebsd
|
The (1) execve and (2) fexecve system calls in the FreeBSD kernel 8.4 before p11, 9.1 before p14, 9.2 before p7, and 10.0 before p4 destroys the virtual memory address space and mappings for a proces…
|
CWE-20
Improper Input Validation
|
CVE-2014-3880
|
2024-11-21 11:09 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
