|
285501
|
- |
|
redhat
|
cloudforms_3.0_management_engine
|
The (1) shell_exec function in lib/util/MiqSshUtilV1.rb and (2) temp_cmd_file function in lib/util/MiqSshUtilV2.rb in Red Hat CloudForms 3.0 Management Engine (CFME) before 5.2.4.2 allow local users …
|
CWE-59
Link Following
|
CVE-2014-3486
|
2024-11-21 11:08 |
2014-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285502
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary …
|
CWE-200
Information Exposure
|
CVE-2014-3481
|
2024-11-21 11:08 |
2014-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285503
|
- |
|
rubyonrails
|
rails
|
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before …
|
CWE-89
SQL Injection
|
CVE-2014-3483
|
2024-11-21 11:08 |
2014-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285504
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows r…
|
CWE-89
SQL Injection
|
CVE-2014-3482
|
2024-11-21 11:08 |
2014-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285505
|
- |
|
openstack
|
swift
|
Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3497
|
2024-11-21 11:08 |
2014-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285506
|
- |
|
christos_zoulas
php
debian
|
file
php
debian_linux
|
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that trigger…
|
CWE-399
Resource Management Errors
|
CVE-2014-3538
|
2024-11-21 11:08 |
2014-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285507
|
- |
|
storesprite
|
storesprite
|
Cross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite before 7 - 19-06-14, when using the currency selection dropdown, allows remote attackers to inject a…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3737
|
2024-11-21 11:08 |
2014-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285508
|
- |
|
freedesktop
d-bus_project
|
dbus
d-bus
|
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing …
|
NVD-CWE-noinfo
|
CVE-2014-3477
|
2024-11-21 11:08 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285509
|
- |
|
opensuse
kde
|
opensuse
kdelibs
|
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive in…
|
CWE-200
Information Exposure
|
CVE-2014-3494
|
2024-11-21 11:08 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285510
|
- |
|
theforeman
|
foreman
|
Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 allow remote attackers to inject arbitrary web script or HTML via a parameter …
|
CWE-79
Cross-site Scripting
|
CVE-2014-3492
|
2024-11-21 11:08 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
