|
288811
|
- |
|
xrms_crm_project
|
xrms_crm
|
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.
|
CWE-89
SQL Injection
|
CVE-2014-5521
|
2024-11-21 11:12 |
2014-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288812
|
- |
|
hl7
|
c-cda
|
CDA.xsl in HL7 C-CDA 1.1 and earlier does not anticipate the possibility of invalid C-CDA documents with crafted XML attributes, which allows remote attackers to conduct XSS attacks via a document co…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5452
|
2024-11-21 11:12 |
2014-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288813
|
- |
|
linux
|
linux_kernel
|
The parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (unkillable mount process) via a crafted iso9660 ima…
|
CWE-20
Improper Input Validation
|
CVE-2014-5472
|
2024-11-21 11:12 |
2014-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288814
|
- |
|
linux
|
linux_kernel
|
Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled rec…
|
CWE-399
Resource Management Errors
|
CVE-2014-5471
|
2024-11-21 11:12 |
2014-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288815
|
- |
|
php-sqrl_project
|
php-sqrl
|
SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remote attackers to execute arbitrary SQL commands via the message parameter.
|
CWE-89
SQL Injection
|
CVE-2014-5458
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288816
|
- |
|
qnap
|
ts-469u_firmware
ts-469u
ts-ec1679u-rp_firmware
ts-ec1679u-rp
ts-459u_firmware
ts-459u
ss-839_firmware
ss-839
|
QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed pass…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5457
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288817
|
- |
|
social_stats_project
|
social_stats
|
Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5456
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288818
|
- |
|
privatetunnel
openvpn
|
privatetunnel
openvpn
|
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2014-5455
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288819
|
- |
|
sas
|
visual_analytics
|
Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable exte…
|
NVD-CWE-Other
|
CVE-2014-5454
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288820
|
- |
|
ubi
|
uplay_pc
|
Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privil…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5453
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
