|
290011
|
- |
|
cmsmadesimple
|
cms_made_simple
|
Multiple cross-site scripting (XSS) vulnerabilities in CMS Made Simple allow remote authenticated users to inject arbitrary web script or HTML via (1) the group parameter to admin/addgroup.php, (2) t…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0334
|
2024-11-21 11:01 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290012
|
- |
|
linux
suse
redhat
|
linux_kernel
linux_enterprise_desktop
linux_enterprise_server
enterprise_linux_server_aus
enterprise_linux_server_tus
enterprise_linux_desktop
enterprise_linux_server
enterprise_…
|
The cifs_iovec_write function in fs/cifs/file.c in the Linux kernel through 3.13.5 does not properly handle uncached write operations that copy fewer than the requested number of bytes, which allows …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0069
|
2024-11-21 11:01 |
2014-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290013
|
- |
|
libpng
|
libpng
|
The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an…
|
CWE-189
Numeric Errors
|
CVE-2014-0333
|
2024-11-21 11:01 |
2014-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290014
|
- |
|
emberjs
|
ember.js
|
Cross-site scripting (XSS) vulnerability in the link-to helper in Ember.js 1.2.x before 1.2.2, 1.3.x before 1.3.2, and 1.4.x before 1.4.0-beta.6, when used in non-block form, allows remote attackers …
|
CWE-79
Cross-site Scripting
|
CVE-2014-0046
|
2024-11-21 11:01 |
2014-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290015
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by rea…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0058
|
2024-11-21 11:01 |
2014-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290016
|
- |
|
apache
|
tomcat
|
org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote atta…
|
CWE-20
Improper Input Validation
|
CVE-2014-0033
|
2024-11-21 11:01 |
2014-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290017
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows r…
|
CWE-20
Improper Input Validation
|
CVE-2014-0082
|
2024-11-21 11:01 |
2014-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290018
|
- |
|
rubyonrails
opensuse_project
opensuse
redhat
|
ruby_on_rails
rails
opensuse
enterprise_linux
cloudforms
|
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remot…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0081
|
2024-11-21 11:01 |
2014-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290019
|
- |
|
rubyonrails
|
rails
|
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, al…
|
CWE-89
SQL Injection
|
CVE-2014-0080
|
2024-11-21 11:01 |
2014-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290020
|
- |
|
sonicwall
|
global_management_system
analyzer
|
Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to in…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0332
|
2024-11-21 11:01 |
2014-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
