|
292011
|
- |
|
s3ql_project
|
s3ql
|
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.
|
CWE-94
Code Injection
|
CVE-2014-0485
|
2024-11-21 11:02 |
2014-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292012
|
- |
|
ibm
|
worklight
mobile_foundation
|
IBM Worklight Foundation 5.x and 6.x before 6.2.0.0, as used in Worklight and Mobile Foundation, allows remote authenticated users to bypass the application-authenticity feature via unspecified vecto…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0888
|
2024-11-21 11:02 |
2014-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292013
|
- |
|
novell
|
groupwise
|
FileUploadServlet in the Administration service in Novell GroupWise 2014 before SP1 allows remote attackers to read or write to arbitrary files via the poLibMaintenanceFileSave parameter, aka ZDI-CAN…
|
CWE-200
Information Exposure
|
CVE-2014-0600
|
2024-11-21 11:02 |
2014-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292014
|
- |
|
qeiinc
|
epaq-9410_substation_gateway
|
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows physically proximate attackers to cause a denial of service (infinite loop or process crash) via crafted input over a serial line.
|
CWE-20
Improper Input Validation
|
CVE-2014-0762
|
2024-11-21 11:02 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292015
|
- |
|
qeiinc
|
epaq-9410_substation_gateway
|
The DNP3 driver in CG Automation ePAQ-9410 Substation Gateway allows remote attackers to cause a denial of service (infinite loop or process crash) via a crafted TCP packet.
|
CWE-20
Improper Input Validation
|
CVE-2014-0761
|
2024-11-21 11:02 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292016
|
- |
|
opensuse
djangoproject
|
opensuse
django
|
The administrative interface (contrib.admin) in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not check if a field represents a relationship be…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0483
|
2024-11-21 11:02 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292017
|
- |
|
opensuse
djangoproject
|
opensuse
django
|
The contrib.auth.middleware.RemoteUserMiddleware middleware in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3, when using the contrib.auth.backends.R…
|
CWE-287
Improper Authentication
|
CVE-2014-0482
|
2024-11-21 11:02 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292018
|
- |
|
opensuse_project
opensuse
djangoproject
debian
|
opensuse
django
debian_linux
|
The default configuration for the file upload handling system in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 uses a sequential file name generatio…
|
CWE-399
Resource Management Errors
|
CVE-2014-0481
|
2024-11-21 11:02 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292019
|
- |
|
opensuse
djangoproject
|
opensuse
django
|
The core.urlresolvers.reverse function in Django before 1.4.14, 1.5.x before 1.5.9, 1.6.x before 1.6.6, and 1.7 before release candidate 3 does not properly validate URLs, which allows remote attacke…
|
CWE-20
Improper Input Validation
|
CVE-2014-0480
|
2024-11-21 11:02 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292020
|
- |
|
emc
|
rsa_archer_egrc
|
Cross-site request forgery (CSRF) vulnerability in EMC RSA Archer GRC Platform 5.x before 5.5 SP1 allows remote attackers to hijack the authentication of arbitrary users.
|
CWE-352
Origin Validation Error
|
CVE-2014-0641
|
2024-11-21 11:02 |
2014-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
