|
290431
|
- |
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web sc…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3833
|
2024-11-21 11:08 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290432
|
- |
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possi…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3832
|
2024-11-21 11:08 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290433
|
- |
|
lucidcrew
|
pixie
|
Multiple cross-site scripting (XSS) vulnerabilities in the contact module (admin/modules/contact.php) in Pixie CMS 1.04 allow remote attackers to inject arbitrary web script or HTML via the (1) uemai…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3786
|
2024-11-21 11:08 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290434
|
- |
|
gnu
|
gnutls
|
Buffer overflow in the read_server_hello function in lib/gnutls_handshake.c in GnuTLS before 3.1.25, 3.2.x before 3.2.15, and 3.3.x before 3.3.4 allows remote servers to cause a denial of service (me…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3466
|
2024-11-21 11:08 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290435
|
- |
|
vmware
|
vcenter_server_appliance
|
Ruby vSphere Console (RVC) in VMware vCenter Server Appliance allows remote authenticated users to execute arbitrary commands as root by escaping from a chroot jail.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3790
|
2024-11-21 11:08 |
2014-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290436
|
- |
|
vmware
|
player
esxi
fusion
workstation
|
VMware Tools in VMware Workstation 10.x before 10.0.2, VMware Player 6.x before 6.0.2, VMware Fusion 6.x before 6.0.3, and VMware ESXi 5.0 through 5.5, when a Windows 8.1 guest OS is used, allows gue…
|
NVD-CWE-Other
|
CVE-2014-3793
|
2024-11-21 11:08 |
2014-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290437
|
- |
|
citrix
|
vdi-in-a-box
|
Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.
|
CWE-287
Improper Authentication
|
CVE-2014-3780
|
2024-11-21 11:08 |
2014-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290438
|
- |
|
jasig
|
uportal
|
uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3417
|
2024-11-21 11:08 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290439
|
- |
|
jasig
|
uportal
|
uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-adm…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3416
|
2024-11-21 11:08 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290440
|
- |
|
sharetronix
|
sharetronix
|
SQL injection vulnerability in Sharetronix before 3.4 allows remote authenticated users to execute arbitrary SQL commands via the invite_users[] parameter to the /invite page for a group.
|
CWE-89
SQL Injection
|
CVE-2014-3415
|
2024-11-21 11:08 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
