|
285871
|
- |
|
vbulletin
|
vbulletin
|
SQL injection vulnerability in includes/api/4/breadcrumbs_create.php in vBulletin 4.2.2, 4.2.1, 4.2.0 PL2, and earlier allows remote authenticated users to execute arbitrary SQL commands via the conc…
|
CWE-89
SQL Injection
|
CVE-2014-2022
|
2024-11-21 11:05 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285872
|
- |
|
opensuse
python
|
opensuse
requests
|
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain sensitive information by reading the Proxy-Authorization header in a redirected request.
|
CWE-200
Information Exposure
|
CVE-2014-1830
|
2024-11-21 11:05 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285873
|
- |
|
debian
python
canonical
mageia
|
debian_linux
requests
ubuntu_linux
mageia
|
Requests (aka python-requests) before 2.3.0 allows remote servers to obtain a netrc password by reading the Authorization header in a redirected request.
|
CWE-200
Information Exposure
|
CVE-2014-1829
|
2024-11-21 11:05 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285874
|
- |
|
owncloud
|
owncloud
|
Incomplete blacklist vulnerability in ajax/upload.php in ownCloud before 5.0, when running on Windows, allows remote authenticated users to bypass intended access restrictions, upload files with arbi…
|
CWE-94
Code Injection
|
CVE-2014-2044
|
2024-11-21 11:05 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285875
|
- |
|
cspan
|
capture-tiny
|
The Capture::Tiny module before 0.24 for Perl allows local users to write to arbitrary files via a symlink attack on a temporary file.
|
CWE-59
Link Following
|
CVE-2014-1875
|
2024-11-21 11:05 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285876
|
- |
|
restlet
|
restlet_framework
|
Restlet Framework 2.1.x before 2.1.7 and 2.x.x before 2.2 RC1, when using XMLRepresentation or XML serializers, allows attackers to cause a denial of service via an XML Entity Expansion (XEE) attack.
|
NVD-CWE-Other
|
CVE-2014-1868
|
2024-11-21 11:05 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285877
|
- |
|
mpay24_project
|
mpay24
|
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
|
CWE-200
Information Exposure
|
CVE-2014-2009
|
2024-11-21 11:05 |
2014-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285878
|
- |
|
mpay24_project
|
mpay24
|
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.
|
CWE-89
SQL Injection
|
CVE-2014-2008
|
2024-11-21 11:05 |
2014-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285879
|
- |
|
plogger
|
plogger
|
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a…
|
CWE-94
Code Injection
|
CVE-2014-2223
|
2024-11-21 11:05 |
2014-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285880
|
- |
|
fortinet
|
fortios
|
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary cod…
|
NVD-CWE-noinfo
|
CVE-2014-2216
|
2024-11-21 11:05 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
