|
292211
|
- |
|
microsoft
|
bing
|
The Microsoft Bing application before 4.2.1 for Android allows remote attackers to install arbitrary APK files via vectors involving a crafted DNS response.
|
CWE-94
Code Injection
|
CVE-2014-1670
|
2024-11-21 11:04 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292212
|
- |
|
drupal
|
drupal
|
The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to ob…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1476
|
2024-11-21 11:04 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292213
|
- |
|
drupal
|
drupal
|
The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2014-1475
|
2024-11-21 11:04 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292214
|
- |
|
redhat
|
libvirt
|
Race condition in the virNetServerClientStartKeepAlive function in libvirt before 1.2.1 allows remote attackers to cause a denial of service (libvirtd crash) by closing a connection before a keepaliv…
|
CWE-362
Race Condition
|
CVE-2014-1447
|
2024-11-21 11:04 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292215
|
- |
|
doug_poulin
|
command_school_student_management_system
|
Command School Student Management System 1.06.01 does not properly restrict access to sw/backup/backup_ray2.php, which allows remote attackers to download a database backup via a direct request.
|
CWE-200
Information Exposure
|
CVE-2014-1637
|
2024-11-21 11:04 |
2014-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292216
|
- |
|
doug_poulin
|
command_school_student_management_system
|
Multiple SQL injection vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to execute arbitrary SQL commands via the id parameter in an edit action to (1) admin…
|
CWE-89
SQL Injection
|
CVE-2014-1636
|
2024-11-21 11:04 |
2014-01-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292217
|
- |
|
hiox
|
hiox_guest_book
|
Multiple cross-site scripting (XSS) vulnerabilities in add.php in HIOX Guest Book (HGB) 5.0 allow remote attackers to inject arbitrary web script or HTML via the (1) name1, (2) email, or (3) cmt para…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1620
|
2024-11-21 11:04 |
2014-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292218
|
- |
|
cubicfactory
|
cubic_cms
|
Multiple SQL injection vulnerabilities in Cubic CMS 5.1.1, 5.1.2, and 5.2 allow remote attackers to execute arbitrary SQL commands via the (1) resource_id or (2) version_id parameter to recursos/agen…
|
CWE-89
SQL Injection
|
CVE-2014-1619
|
2024-11-21 11:04 |
2014-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292219
|
- |
|
uaepd
|
shopping_cart_script
|
Multiple SQL injection vulnerabilities in UAEPD Shopping Cart Script allow remote attackers to execute arbitrary SQL commands via the (1) cat_id or (2) p_id parameter to products.php or id parameter …
|
CWE-89
SQL Injection
|
CVE-2014-1618
|
2024-11-21 11:04 |
2014-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292220
|
- |
|
freebsd
|
freebsd
|
Stack-based buffer overflow in lib/snmpagent.c in bsnmpd, as used in FreeBSD 8.3 through 10.0, allows remote attackers to cause a denial of service (daemon crash) and possibly execute arbitrary code …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-1452
|
2024-11-21 11:04 |
2014-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
