|
290441
|
- |
|
sharetronix
|
sharetronix
|
Cross-site request forgery (CSRF) vulnerability in Sharetronix before 3.4 allows remote attackers to hijack the authentication of administrators for requests that add administrative privileges to a u…
|
CWE-352
Origin Validation Error
|
CVE-2014-3414
|
2024-11-21 11:08 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290442
|
- |
|
mayan-edms
|
mayan_edms
|
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3840
|
2024-11-21 11:08 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290443
|
- |
|
imember360
|
imember360
|
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Emai…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3849
|
2024-11-21 11:08 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290444
|
- |
|
imember360
|
imember360
|
The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3848
|
2024-11-21 11:08 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290445
|
- |
|
openstack
|
heat
|
OpenStack Orchestration API (Heat) 2013.2 through 2013.2.3 and 2014.1, when creating the stack for a template using a provider template, allows remote authenticated users to obtain the provider templ…
|
CWE-200
Information Exposure
|
CVE-2014-3801
|
2024-11-21 11:08 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290446
|
- |
|
pandasecurity
|
panda_av_pro_2014
panda_internet_security_2014
panda_global_protection_2014
panda_gold_protection
|
Unspecified vulnerability in Panda Gold Protection and Global Protection 2014 7.01.01 and earlier, Internet Security 2014 19.01.01 and earlier, and AV Pro 2014 13.01.01 and earlier allows local users…
|
NVD-CWE-noinfo
|
CVE-2014-3450
|
2024-11-21 11:08 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290447
|
- |
|
nullsoft
|
winamp
|
Winamp 5.666 and earlier allows remote attackers to cause a denial of service (memory corruption and crash) via a malformed .FLV file, related to f263.w5s.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3442
|
2024-11-21 11:08 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290448
|
- |
|
cogentdatahub
|
cogent_datahub
|
GetPermissions.asp in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary commands via unspecified vectors.
|
CWE-94
Code Injection
|
CVE-2014-3789
|
2024-11-21 11:08 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290449
|
- |
|
cogentdatahub
|
cogent_datahub
|
Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3788
|
2024-11-21 11:08 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290450
|
- |
|
flyingcart
|
flying_cart
|
Cross-site scripting (XSS) vulnerability in Flying Cart allows remote attackers to inject arbitrary web script or HTML via the p parameter to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3846
|
2024-11-21 11:08 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
