|
290991
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
The security audit functionality in Red Hat JBoss Enterprise Application Platform (EAP) 6.x before 6.2.1 logs request parameters in plaintext, which might allow local users to obtain passwords by rea…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0058
|
2024-11-21 11:01 |
2014-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290992
|
- |
|
apache
|
tomcat
|
org/apache/catalina/connector/CoyoteAdapter.java in Apache Tomcat 6.0.33 through 6.0.37 does not consider the disableURLRewriting setting when handling a session ID in a URL, which allows remote atta…
|
CWE-20
Improper Input Validation
|
CVE-2014-0033
|
2024-11-21 11:01 |
2014-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290993
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
actionpack/lib/action_view/template/text.rb in Action View in Ruby on Rails 3.x before 3.2.17 converts MIME type strings to symbols during use of the :text option to the render method, which allows r…
|
CWE-20
Improper Input Validation
|
CVE-2014-0082
|
2024-11-21 11:01 |
2014-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290994
|
- |
|
rubyonrails
opensuse_project
opensuse
redhat
|
ruby_on_rails
rails
opensuse
enterprise_linux
cloudforms
|
Multiple cross-site scripting (XSS) vulnerabilities in actionview/lib/action_view/helpers/number_helper.rb in Ruby on Rails before 3.2.17, 4.0.x before 4.0.3, and 4.1.x before 4.1.0.beta2 allow remot…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0081
|
2024-11-21 11:01 |
2014-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290995
|
- |
|
rubyonrails
|
rails
|
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/cast.rb in Active Record in Ruby on Rails 4.0.x before 4.0.3, and 4.1.0.beta1, when PostgreSQL is used, al…
|
CWE-89
SQL Injection
|
CVE-2014-0080
|
2024-11-21 11:01 |
2014-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290996
|
- |
|
sonicwall
|
global_management_system
analyzer
|
Cross-site scripting (XSS) vulnerability in mainPage in Dell SonicWALL GMS before 7.1 SP2, SonicWALL Analyzer before 7.1 SP2, and SonicWALL UMA E5000 before 7.1 SP2 might allow remote attackers to in…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0332
|
2024-11-21 11:01 |
2014-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290997
|
- |
|
apache
|
subversion
|
The get_resource function in repos.c in the mod_dav_svn module in Apache Subversion before 1.7.15 and 1.8.x before 1.8.6, when SVNListParentPath is enabled, allows remote attackers to cause a denial …
|
CWE-20
Improper Input Validation
|
CVE-2014-0032
|
2024-11-21 11:01 |
2014-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290998
|
- |
|
redhat
|
jboss_enterprise_application_platform
jboss_wildfly_application_server
|
Red Hat JBoss Enterprise Application Platform (JBEAP) 6.2.0 and JBoss WildFly Application Server, when run under a security manager, do not properly restrict access to the Modular Service Container (…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0018
|
2024-11-21 11:01 |
2014-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290999
|
- |
|
microsoft
|
.net_framework
|
VsaVb7rt.dll in Microsoft .NET Framework 2.0 SP2 and 3.5.1 does not implement the ASLR protection mechanism, which makes it easier for remote attackers to execute arbitrary code via a crafted web sit…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0295
|
2024-11-21 11:01 |
2014-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291000
|
- |
|
microsoft
|
microsoft_forefront_protection_2010
|
Microsoft Forefront Protection 2010 for Exchange Server does not properly parse e-mail content, which might allow remote attackers to execute arbitrary code via a crafted message, aka "RCE Vulnerabil…
|
CWE-94
Code Injection
|
CVE-2014-0294
|
2024-11-21 11:01 |
2014-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
