|
292411
|
7.8 |
HIGH
Local
|
zsh_project
|
zsh
|
zsh before 5.0.7 allows evaluation of the initial values of integer variables imported from the environment (instead of treating them as literal numbers). That could allow local privilege escalation,…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-10070
|
2024-11-21 11:03 |
2018-02-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292412
|
7.5 |
HIGH
Network
|
hitrontech
|
cve-30360_firmware
|
Hitron CVE-30360 devices use a 578A958E3DD933FC DES key that is shared across different customers' installations, which makes it easier for attackers to obtain sensitive information by decrypting a b…
|
CWE-310
Cryptographic Issues
|
CVE-2014-10069
|
2024-11-21 11:03 |
2018-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292413
|
9.8 |
CRITICAL
Network
|
eyou
|
eyou
|
The get_login_ip_config_file function in Eyou Mail System before 3.6 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to admin/domain/ip_login_se…
|
CWE-77
Command Injection
|
CVE-2014-1203
|
2024-11-21 11:03 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292414
|
7.5 |
HIGH
Network
|
google
|
android
|
WiFiMonitor in Android 4.4.4 as used in the Nexus 5 and 4, Android 4.2.2 as used in the LG D806, Android 4.2.2 as used in the Samsung SM-T310, Android 4.1.2 as used in the Motorola RAZR HD, and poten…
|
CWE-19
Data Processing Errors
|
CVE-2014-0997
|
2024-11-21 11:03 |
2017-09-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292415
|
7.8 |
HIGH
Local
|
graphviz
|
graphviz
|
Stack-based buffer overflow in the "yyerror" function in Graphviz 2.34.0 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted file. NOTE: …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-1235
|
2024-11-21 11:03 |
2017-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292416
|
- |
|
sendio
|
sendio
|
Sendio before 7.2.4 includes the session identifier in URLs in emails, which allows remote attackers to obtain sensitive information and hijack sessions by reading the jsessionid parameter in the Ref…
|
CWE-200
Information Exposure
|
CVE-2014-0999
|
2024-11-21 11:03 |
2015-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292417
|
- |
|
ibm
|
db2
|
IBM DB2 9.5 through 10.5 on Linux, UNIX, and Windows stores passwords during the processing of certain SQL statements by the monitoring and audit facilities, which allows remote authenticated users t…
|
CWE-200
Information Exposure
|
CVE-2014-0919
|
2024-11-21 11:03 |
2015-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292418
|
- |
|
freebsd
|
freebsd
|
Integer signedness error in the vt console driver (formerly Newcons) in FreeBSD 9.3 before p10 and 10.1 before p6 allows local users to cause a denial of service (crash) and possibly gain privileges …
|
CWE-189
Numeric Errors
|
CVE-2014-0998
|
2024-11-21 11:03 |
2015-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292419
|
- |
|
domphp
|
domphp
|
SQL injection vulnerability in agenda/indexdate.php in DomPHP 0.83 and earlier allows remote attackers to execute arbitrary SQL commands via the ids parameter.
|
CWE-89
SQL Injection
|
CVE-2014-10038
|
2024-11-21 11:03 |
2015-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292420
|
- |
|
domphp
|
domphp
|
Directory traversal vulnerability in DomPHP 0.83 and earlier allows remote attackers to have unspecified impact via a .. (dot dot) in the url parameter to photoalbum/index.php.
|
CWE-22
Path Traversal
|
CVE-2014-10037
|
2024-11-21 11:03 |
2015-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
