|
291791
|
5.5 |
MEDIUM
Local
|
ffmpeg
|
ffmpeg
|
A vulnerability was found in FFmpeg 2.0. It has been classified as problematic. Affected is the function dnxhd_init_rc of the file libavcodec/dnxhdenc.c. The manipulation leads to memory corruption. …
|
CWE-787
Out-of-bounds Write
|
CVE-2014-125002
|
2024-11-21 11:03 |
2022-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291792
|
8.8 |
HIGH
Adjacent
|
cardosystems
|
scala_rider_q3_firmware
|
A vulnerability classified as critical has been found in Cardo Systems Scala Rider Q3. Affected is the file /cardo/api of the Cardo-Updater. Unauthenticated remote code execution with root permission…
|
CWE-269
Improper Privilege Management
|
CVE-2014-125001
|
2024-11-21 11:03 |
2022-05-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291793
|
6.1 |
MEDIUM
Local
|
perl
|
dbi
|
An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (D…
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2014-10402
|
2024-11-21 11:03 |
2020-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291794
|
6.1 |
MEDIUM
Local
|
perl
|
dbi
|
An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute.
|
CWE-732
Incorrect Permission Assignment for Critical Resource
|
CVE-2014-10401
|
2024-11-21 11:03 |
2020-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291795
|
6.1 |
MEDIUM
Network
|
keplerproject
|
cgilua
|
The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was S…
|
CWE-384
Session Fixation
|
CVE-2014-10400
|
2024-11-21 11:03 |
2020-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291796
|
6.1 |
MEDIUM
Network
|
keplerproject
|
cgilua
|
The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875.
|
CWE-384
Session Fixation
|
CVE-2014-10399
|
2024-11-21 11:03 |
2020-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291797
|
6.1 |
MEDIUM
Network
|
bssys
|
rbs_bs-client._retail_client
|
Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers…
|
CWE-79
Cross-site Scripting
|
CVE-2014-10398
|
2024-11-21 11:03 |
2020-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291798
|
6.1 |
MEDIUM
Network
|
ideagen
|
q-pulse
|
Cross-site scripting (XSS) vulnerability in ui/common/managedlistdialog.aspx in Gael Q-Pulse 0.6 and earlier.
|
CWE-79
Cross-site Scripting
|
CVE-2014-1238
|
2024-11-21 11:03 |
2019-11-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291799
|
8.8 |
HIGH
Network
|
projoom
|
smart_flash_header
|
views/upload.php in the ProJoom Smart Flash Header (NovaSFH) component 3.0.2 and earlier for Joomla! allows remote attackers to upload and execute arbitrary files via a crafted (1) dest parameter and…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2014-1214
|
2024-11-21 11:03 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291800
|
7.5 |
HIGH
Network
|
para
|
antioch
|
The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php.
|
CWE-22
Path Traversal
|
CVE-2014-10397
|
2024-11-21 11:03 |
2019-09-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
