|
290091
|
- |
|
ibm
|
sametime
|
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote at…
|
CWE-200
Information Exposure
|
CVE-2014-3867
|
2024-11-21 11:09 |
2014-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290092
|
5.4 |
MEDIUM
Network
|
redhat
|
jboss_aerogear
|
Multiple persistent cross-site scripting (XSS) flaws were found in the way Aerogear handled certain user-supplied content. A remote attacker could use these flaws to compromise the application with s…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3650
|
2024-11-21 11:08 |
2022-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290093
|
7.5 |
HIGH
Network
|
redhat
|
jboss_aerogear
|
The simplepush server iterates through the application installations and pushes a notification to the server provided by deviceToken. But this is user controlled. If a bogus applications is registere…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2014-3648
|
2024-11-21 11:08 |
2022-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290094
|
9.8 |
CRITICAL
Network
|
musl-libc
|
musl
|
Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact …
|
CWE-787
Out-of-bounds Write
|
CVE-2014-3484
|
2024-11-21 11:08 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290095
|
9.8 |
CRITICAL
Network
|
php
|
php
|
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party fil…
|
CWE-416
Use After Free
|
CVE-2014-3622
|
2024-11-21 11:08 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290096
|
5.4 |
MEDIUM
Network
|
mybb
|
mybb
|
Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in t…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3827
|
2024-11-21 11:08 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290097
|
5.4 |
MEDIUM
Network
|
mybb
|
mybb
|
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3826
|
2024-11-21 11:08 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290098
|
6.1 |
MEDIUM
Network
|
nokia
|
1830_photonic_service_switch-4_firmware
1830_photonic_service_switch-16_firmware
1830_photonic_service_switch-32_firmware
|
Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3809
|
2024-11-21 11:08 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290099
|
9.8 |
CRITICAL
Network
|
exlibrisgroup
|
aleph_500
|
Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via t…
|
CWE-89
SQL Injection
|
CVE-2014-3719
|
2024-11-21 11:08 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290100
|
6.1 |
MEDIUM
Network
|
exlibrisgroup
|
aleph_500
|
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web scrip…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3718
|
2024-11-21 11:08 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
