|
282711
|
- |
|
zend
|
zend_framework
|
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with…
|
CWE-287
Improper Authentication
|
CVE-2014-8088
|
2024-11-21 11:18 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282712
|
- |
|
redhat
|
virtual_desktop_service_manager
|
VDSM allows remote attackers to cause a denial of service (connection blocking) by keeping an SSL connection open.
|
CWE-310
Cryptographic Issues
|
CVE-2014-7968
|
2024-11-21 11:18 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282713
|
- |
|
splunk
|
splunk
|
Cross-site scripting (XSS) vulnerability in Splunk 6.1.1 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer Header in a "404 Not Found" response. NOTE: this vulnerab…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8380
|
2024-11-21 11:18 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282714
|
- |
|
marketo_ma_project
|
marketo_ma
|
Multiple cross-site scripting (XSS) vulnerabilities in the Marketo MA module before 7.x-1.5 for Drupal allow remote authenticated users with certain permissions to inject arbitrary web script or HTML…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8379
|
2024-11-21 11:18 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282715
|
- |
|
tablefield_project
|
tablefield
|
Cross-site scripting (XSS) vulnerability in the TableField module 7.x-2.x before 7.x-2.3 allows remote authenticated users with the "administer content types" or "administer taxonomy" permission to i…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8378
|
2024-11-21 11:18 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282716
|
- |
|
webasyst
|
shop-script
|
Cross-site scripting (XSS) vulnerability in Webasyst Shop-Script 5.2.2.30933 allows remote attackers to inject arbitrary web script or HTML via the phone number field in a new contact to phpecom/inde…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8377
|
2024-11-21 11:18 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282717
|
- |
|
site_banner_project
|
site_banner
|
Cross-site scripting (XSS) vulnerability in the context administration sub-panel in the Site Banner module before 7.x-4.1 for Drupal allows remote authenticated users with the "Administer contexts" C…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8376
|
2024-11-21 11:18 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282718
|
- |
|
gb-plugins
|
gb_gallery_slideshow
|
SQL injection vulnerability in GBgallery.php in the GB Gallery Slideshow plugin 1.5 for WordPress allows remote administrators to execute arbitrary SQL commands via the selected_group parameter in a …
|
CWE-89
SQL Injection
|
CVE-2014-8375
|
2024-11-21 11:18 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282719
|
- |
|
apptreestudios
|
gangsta_auto_thief_iii
|
The Gangsta Auto Thief III (aka com.apptreestudios.gdup3) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers an…
|
CWE-310
Cryptographic Issues
|
CVE-2014-7804
|
2024-11-21 11:18 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282720
|
- |
|
onesolutionapps
|
woodward_bail
|
The Woodward Bail (aka com.onesolutionapps.woodwardbailandroid) application 1.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof serv…
|
CWE-310
Cryptographic Issues
|
CVE-2014-7803
|
2024-11-21 11:18 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
