|
290871
|
- |
|
wpgetready
|
nextcellent_gallery
|
Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, Ne…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3123
|
2024-11-21 11:07 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290872
|
- |
|
fortinet
|
fortiweb
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators vi…
|
CWE-352
Origin Validation Error
|
CVE-2014-3115
|
2024-11-21 11:07 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290873
|
- |
|
selinuxproject
|
policycoreutils
|
seunshare in policycoreutils 2.2.5 is owned by root with 4755 permissions, and executes programs in a way that changes the relationship between the setuid system call and the getresuid saved set-user…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3215
|
2024-11-21 11:07 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290874
|
- |
|
caldera
|
caldera
|
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified …
|
CWE-94
Code Injection
|
CVE-2014-2936
|
2024-11-21 11:07 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290875
|
- |
|
caldera
|
caldera
|
costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.
|
CWE-78
OS Command
|
CVE-2014-2935
|
2024-11-21 11:07 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290876
|
- |
|
caldera
|
caldera
|
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
|
CWE-89
SQL Injection
|
CVE-2014-2934
|
2024-11-21 11:07 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290877
|
- |
|
caldera
|
caldera
|
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname.
|
CWE-22
Path Traversal
|
CVE-2014-2933
|
2024-11-21 11:07 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290878
|
- |
|
xen
|
xen
|
The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separa…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3124
|
2024-11-21 11:07 |
2014-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290879
|
- |
|
opensuse
nagios
|
opensuse
remote_plugin_executor
|
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to…
|
NVD-CWE-Other
|
CVE-2014-2913
|
2024-11-21 11:07 |
2014-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290880
|
- |
|
debian
strongswan
|
strongswan
|
strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.
|
NVD-CWE-Other
|
CVE-2014-2891
|
2024-11-21 11:07 |
2014-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
