|
286031
|
- |
|
yassl
|
cyassl
|
wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2)…
|
CWE-20
Improper Input Validation
|
CVE-2014-2899
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286032
|
- |
|
yassl
|
cyassl
|
wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.
|
CWE-310
Cryptographic Issues
|
CVE-2014-2900
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286033
|
- |
|
libmms_project
|
libmms
|
Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-2892
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286034
|
- |
|
siege
|
phpmyid
|
Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.con…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2890
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286035
|
- |
|
t-mobile
asus
|
tm-ac1900
rt-ac68u_firmware
rt-ac68u
|
Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrar…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2925
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286036
|
- |
|
pimcore
|
pimcore
|
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which all…
|
CWE-20
Improper Input Validation
|
CVE-2014-2922
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286037
|
- |
|
pimcore
|
pimcore
|
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, w…
|
CWE-94
Code Injection
|
CVE-2014-2921
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286038
|
- |
|
apple
|
cups
|
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, rela…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2856
|
2024-11-21 11:07 |
2014-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286039
|
- |
|
f-secure
|
secure_messaging_secure_gateway
|
Cross-site scripting (XSS) vulnerability in F-Secure Messaging Secure Gateway 7.5.0 before Patch 1862 allows remote authenticated administrators to inject arbitrary web script or HTML via the new par…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2844
|
2024-11-21 11:07 |
2014-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286040
|
- |
|
oracle
|
identity_manager
|
Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web …
|
CWE-20
Improper Input Validation
|
CVE-2014-2880
|
2024-11-21 11:07 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
