|
289791
|
- |
|
twiki
microsoft
|
twiki
windows
|
lib/TWiki/Sandbox.pm in TWiki 6.0.0 and earlier, when running on Windows, allows remote attackers to bypass intended access restrictions and upload files with restricted names via a null byte (%00) i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7237
|
2024-11-21 11:16 |
2014-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289792
|
- |
|
debian
|
apt
advanced_package_tool
|
The changelog command in Apt before 1.0.9.2 allows local users to write to arbitrary files via a symlink attack on the changelog file.
|
CWE-59
Link Following
|
CVE-2014-7206
|
2024-11-21 11:16 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289793
|
- |
|
kriesi
|
enfold
|
Unspecified vulnerability in the folder framework in the Enfold theme before 3.0.1 for WordPress has unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2014-7297
|
2024-11-21 11:16 |
2014-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289794
|
- |
|
linux
|
linux_kernel
|
The net_get_random_once implementation in net/core/utils.c in the Linux kernel 3.13.x and 3.14.x before 3.14.5 on certain Intel processors does not perform the intended slow-path operation to initial…
|
CWE-200
Information Exposure
|
CVE-2014-7284
|
2024-11-21 11:16 |
2014-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289795
|
- |
|
linux
redhat
|
linux_kernel
mrg_realtime
|
The xfs_da3_fixhashpath function in fs/xfs/xfs_da_btree.c in the xfs implementation in the Linux kernel before 3.14.2 does not properly compare btree hash values, which allows local users to cause a …
|
CWE-399
Resource Management Errors
|
CVE-2014-7283
|
2024-11-21 11:16 |
2014-10-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289796
|
- |
|
kevin_renskers
|
dmmjobcontrol
|
Multiple SQL injection vulnerabilities in the search function in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allow remote attackers to …
|
CWE-89
SQL Injection
|
CVE-2014-7201
|
2024-11-21 11:16 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289797
|
- |
|
kevin_renskers
|
dmmjobcontrol
|
Cross-site scripting (XSS) vulnerability in pi1/class.tx_dmmjobcontrol_pi1.php in the JobControl (dmmjobcontrol) extension 2.14.0 and earlier for TYPO3 allows remote attackers to inject arbitrary web…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7200
|
2024-11-21 11:16 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289798
|
- |
|
cfdbplugin
|
contact_form_db
|
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7139
|
2024-11-21 11:16 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289799
|
- |
|
rejetto
|
http_file_server
|
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are in…
|
CWE-94
Code Injection
|
CVE-2014-7226
|
2024-11-21 11:16 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289800
|
- |
|
oceanavenue
|
ocean_avenue_mobile_pro
|
The Ocean Avenue Mobile Pro (aka com.oceanavenue.mobile) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and…
|
CWE-310
Cryptographic Issues
|
CVE-2014-7047
|
2024-11-21 11:16 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
