|
289601
|
- |
|
broadcom
|
2e_web_option
|
CA 2E Web Option r8.1.2 accepts a predictable substring of a W2E_SSNID session token in place of the entire token, which allows remote attackers to hijack sessions by changing characters at the end o…
|
CWE-20
Improper Input Validation
|
CVE-2014-1219
|
2024-11-21 11:03 |
2014-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289602
|
- |
|
i-doit
|
i-doit
|
Cross-site scripting (XSS) vulnerability in synetics i-doit pro before 1.2.4 allows remote attackers to inject arbitrary web script or HTML via the call parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-1237
|
2024-11-21 11:03 |
2014-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289603
|
- |
|
poster_software
|
publish_it
|
Buffer overflow in Poster Software PUBLISH-iT 3.6d allows remote attackers to execute arbitrary code via a crafted PUI file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0980
|
2024-11-21 11:03 |
2014-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289604
|
- |
|
sophos
|
sophos_anti-virus
scanning_engine
|
Sophos Anti-Virus engine (SAVi) before 3.50.1, as used in VDL 4.97G 9.7.x before 9.7.9, 10.0.x before 10.0.11, and 10.3.x before 10.3.1 does not set an ACL for certain global and session objects, whi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1213
|
2024-11-21 11:03 |
2014-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289605
|
- |
|
tableausoftware
|
tableau_server
|
SQL injection vulnerability in Tableau Server 8.0.x before 8.0.7 and 8.1.x before 8.1.2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. NOTE: this can be…
|
CWE-89
SQL Injection
|
CVE-2014-1204
|
2024-11-21 11:03 |
2014-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289606
|
- |
|
eviware
smartbear
|
soapui
|
The WSDL/WADL import functionality in SoapUI before 4.6.4 allows remote attackers to execute arbitrary Java code via a crafted request parameter in a WSDL file.
|
CWE-94
Code Injection
|
CVE-2014-1202
|
2024-11-21 11:03 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289607
|
- |
|
apple
|
pages
mac_os_x
iphone_os
|
Double free vulnerability in Apple Pages 2.x before 2.1 and 5.x before 5.1 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Microsoft W…
|
CWE-415
Double Free
|
CVE-2014-1252
|
2024-11-21 11:03 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289608
|
- |
|
apple
|
itunes
|
Apple iTunes before 11.1.4 uses HTTP for the iTunes Tutorials window, which allows man-in-the-middle attackers to spoof content by gaining control over the client-server data stream.
|
CWE-310
Cryptographic Issues
|
CVE-2014-1242
|
2024-11-21 11:03 |
2014-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289609
|
- |
|
opensuse
lightdm_gtk\+_greeter_project
|
opensuse
lightdm_gtk\+_greeter
|
The start_authentication function in lightdm-gtk-greeter.c in LightDM GTK+ Greeter before 1.7.1 does not properly handle the return value from the lightdm_greeter_get_authentication_user function, wh…
|
NVD-CWE-Other
|
CVE-2014-0979
|
2024-11-21 11:03 |
2014-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289610
|
- |
|
vmware
|
vcloud_director
|
Cross-site request forgery (CSRF) vulnerability in VMware vCloud Director 5.1.x before 5.1.3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger a logout.
|
CWE-352
Origin Validation Error
|
CVE-2014-1211
|
2024-11-21 11:03 |
2014-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
