|
282431
|
- |
|
docker
|
docker
docker-py
|
Docker before 1.3.1 and docker-py before 0.5.3 fall back to HTTP when the HTTPS connection to the registry fails, which allows man-in-the-middle attackers to conduct downgrade attacks and obtain auth…
|
CWE-17
Code
|
CVE-2014-5277
|
2024-11-21 11:11 |
2014-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282432
|
- |
|
qemu
canonical
|
qemu
ubuntu_linux
|
Off-by-one error in the pci_read function in the ACPI PCI hotplug interface (hw/acpi/pcihp.c) in QEMU allows local guest users to obtain sensitive information and have other unspecified impact relate…
|
CWE-193
Off-by-one Error
|
CVE-2014-5388
|
2024-11-21 11:11 |
2014-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282433
|
- |
|
ruby-lang
redhat
debian
canonical
|
ruby
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_hpc_node
debian_linux
ubuntu_linux
|
Off-by-one error in the encodes function in pack.c in Ruby 1.9.3 and earlier, and 2.x through 2.1.2, when using certain format string specifiers, allows context-dependent attackers to cause a denial …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-4975
|
2024-11-21 11:11 |
2014-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282434
|
- |
|
eucalyptus
|
eucalyptus
|
Eucalyptus 3.0.0 through 4.0.1, when the log level is set to DEBUG or lower, logs user and system passwords, which allows local users to obtain sensitive information by reading the cloud log files.
|
CWE-200
Information Exposure
|
CVE-2014-5038
|
2024-11-21 11:11 |
2014-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282435
|
- |
|
eucalyptus
|
eucalyptus
|
Eucalyptus 4.0.0 through 4.0.1, when the log level is set to INFO, logs user and system passwords, which allows local users to obtain sensitive information by reading cloud-requests.log.
|
CWE-200
Information Exposure
|
CVE-2014-5037
|
2024-11-21 11:11 |
2014-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282436
|
- |
|
webedition
|
webedition_cms
|
Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter.
|
CWE-22
Path Traversal
|
CVE-2014-5258
|
2024-11-21 11:11 |
2014-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282437
|
- |
|
formalms
|
formalms
|
Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request …
|
CWE-79
Cross-site Scripting
|
CVE-2014-5257
|
2024-11-21 11:11 |
2014-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282438
|
- |
|
nordex
|
nordex_control_2_scada
|
Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5408
|
2024-11-21 11:11 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282439
|
- |
|
eset
|
personal_firewall_ndis_filter
|
The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local us…
|
CWE-200
Information Exposure
|
CVE-2014-4974
|
2024-11-21 11:11 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282440
|
- |
|
expressionengine
ellislab
|
expressionengine
|
Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] paramet…
|
CWE-89
SQL Injection
|
CVE-2014-5387
|
2024-11-21 11:11 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
