|
291261
|
7.8 |
HIGH
Local
|
s3dvt_project
|
s3dvt
|
The pipe_init_terminal function in main.c in s3dvt allows local users to gain privileges by leveraging setuid permissions and usage of bash 4.3 and earlier. NOTE: This vulnerability exists because o…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1226
|
2024-11-21 11:03 |
2018-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291262
|
7.8 |
HIGH
Local
|
coreftp
|
core_ftp
|
Multiple buffer overflows in Core FTP Server before 1.2 build 508 allow local users to gain privileges via vectors related to reading data from config.dat and Windows Registry.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-1215
|
2024-11-21 11:03 |
2018-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291263
|
9.8 |
CRITICAL
Network
|
zsh_project
|
zsh
|
In utils.c in zsh before 5.0.6, there is a buffer overflow when scanning very long directory paths for symbolic links.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-10072
|
2024-11-21 11:03 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291264
|
9.8 |
CRITICAL
Network
|
zsh
canonical
|
zsh
ubuntu_linux
|
In exec.c in zsh before 5.0.7, there is a buffer overflow for very long fds in the ">& fd" syntax.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-10071
|
2024-11-21 11:03 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291265
|
7.8 |
HIGH
Local
|
zsh_project
|
zsh
|
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation,…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-10070
|
2024-11-21 11:03 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291266
|
7.5 |
HIGH
Network
|
hitrontech
|
cve-30360_firmware
|
Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a b…
|
CWE-310
Cryptographic Issues
|
CVE-2014-10069
|
2024-11-21 11:03 |
2018-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291267
|
9.8 |
CRITICAL
Network
|
eyou
|
eyou
|
The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_se…
|
CWE-77
Command Injection
|
CVE-2014-1203
|
2024-11-21 11:03 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291268
|
7.5 |
HIGH
Network
|
google
|
android
|
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and poten…
|
CWE-19
Data Processing Errors
|
CVE-2014-0997
|
2024-11-21 11:03 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291269
|
7.8 |
HIGH
Local
|
graphviz
|
graphviz
|
Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-1235
|
2024-11-21 11:03 |
2017-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291270
|
- |
|
sendio
|
sendio
|
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Ref…
|
CWE-200
Information Exposure
|
CVE-2014-0999
|
2024-11-21 11:03 |
2015-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
