|
281041
|
- |
|
hdwplayer
|
hdw-player-video-player-video-gallery
|
SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL…
|
CWE-89
SQL Injection
|
CVE-2014-5180
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281042
|
- |
|
freelinking_for_case_tracker_project
freelinking_project
|
freelinking_for_case_tracker
freelinking
|
The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain s…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5179
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281043
|
- |
|
efssoft
|
easy_file_sharing_web_server
|
Multiple cross-site scripting (XSS) vulnerabilities in Easy File Sharing (EFS) Web Server 6.8 allow remote authenticated users to inject arbitrary web script or HTML via the content parameter when (1…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5178
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281044
|
- |
|
status2k
|
status2k
|
admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.
|
CWE-94
Code Injection
|
CVE-2014-5090
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281045
|
- |
|
status2k
|
status2k
|
SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.
|
CWE-89
SQL Injection
|
CVE-2014-5089
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281046
|
- |
|
status2k
|
status2k
|
Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-5088
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281047
|
- |
|
sphider
|
sphider
|
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (…
|
CWE-89
SQL Injection
|
CVE-2014-5082
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281048
|
- |
|
redhat
opensuse
|
enterprise_linux
opensuse
enterprise_virtualization
libvirt
|
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declarat…
|
CWE-20
Improper Input Validation
|
CVE-2014-5177
|
2024-11-21 11:11 |
2014-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281049
|
- |
|
wireshark
|
wireshark
|
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows rem…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5165
|
2024-11-21 11:11 |
2014-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281050
|
- |
|
wireshark
|
wireshark
|
The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows r…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5164
|
2024-11-21 11:11 |
2014-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
