|
289441
|
- |
|
pimcore
|
pimcore
|
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which all…
|
CWE-20
Improper Input Validation
|
CVE-2014-2922
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289442
|
- |
|
pimcore
|
pimcore
|
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, w…
|
CWE-94
Code Injection
|
CVE-2014-2921
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289443
|
- |
|
apple
|
cups
|
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, rela…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2856
|
2024-11-21 11:07 |
2014-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289444
|
- |
|
f-secure
|
secure_messaging_secure_gateway
|
Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new par…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2844
|
2024-11-21 11:07 |
2014-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289445
|
- |
|
oracle
|
identity_manager
|
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web …
|
CWE-20
Improper Input Validation
|
CVE-2014-2880
|
2024-11-21 11:07 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289446
|
- |
|
sonicwall
|
email_security_appliance
|
Multiple cross-site scripting (XSS) vulnerabilities in Dell SonicWALL Email Security 7.4.5 and earlier allow remote authenticated administrators to inject arbitrary web script or HTML via (1) the upl…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2879
|
2024-11-21 11:07 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289447
|
- |
|
gopivotal
|
grails-resources
grails
|
Directory traversal vulnerability in the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 allows remote attackers to obtain sensitive information via unspecified vectors rel…
|
CWE-22
Path Traversal
|
CVE-2014-2858
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289448
|
- |
|
gopivotal
|
grails-resources
grails
|
The default configuration of the Resources plugin 1.0.0 before 1.2.6 for Pivotal Grails 2.0.0 through 2.3.6 does not properly restrict access to files in the META-INF directory, which allows remote a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2857
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289449
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 allows remote attackers to execute arbitrary code via shell metacharacters in an unspecified context.
|
CWE-78
OS Command
|
CVE-2014-2874
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289450
|
- |
|
paperthin
|
commonspot_content_server
|
PaperThin CommonSpot before 7.0.2 and 8.x before 8.0.3 does not require authentication for access to log files, which allows remote attackers to obtain sensitive server information by using a predict…
|
CWE-200
Information Exposure
|
CVE-2014-2873
|
2024-11-21 11:07 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
