|
279271
|
- |
|
wordpress
|
wordpress
|
wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a…
|
CWE-352
Origin Validation Error
|
CVE-2014-5205
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279272
|
- |
|
debian
wordpress
|
debian_linux
wordpress
|
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote atta…
|
CWE-352
Origin Validation Error
|
CVE-2014-5204
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279273
|
- |
|
wordpress
|
wordpress
|
wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.
|
NVD-CWE-noinfo
|
CVE-2014-5203
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279274
|
- |
|
siemens
|
simatic_s7-1500_cpu_firmware
simatic_s7-1511-1_pn_cpu
simatic_s7-1513-1_pn_cpu
simatic_s7-1515-2_pn_cpu
simatic_s7-1516-3_pn\/dp_cpu
simatic_s7-1516f-3_pn\/dp_cpu
simatic_s7-1518-4_…
|
Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets.
|
NVD-CWE-noinfo
|
CVE-2014-5074
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279275
|
- |
|
xml-dt_project
|
xml-dt
|
The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.
|
CWE-59
Link Following
|
CVE-2014-5260
|
2024-11-21 11:11 |
2014-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279276
|
- |
|
biblio_autocomplete_project
|
biblio_autocomplete
|
Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via…
|
NVD-CWE-noinfo
|
CVE-2014-5250
|
2024-11-21 11:11 |
2014-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279277
|
- |
|
biblio_autocomplete_project
|
biblio_autocomplete
|
SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execu…
|
CWE-89
SQL Injection
|
CVE-2014-5249
|
2024-11-21 11:11 |
2014-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279278
|
- |
|
mybb
|
mybb
|
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode.
|
CWE-79
Cross-site Scripting
|
CVE-2014-5248
|
2024-11-21 11:11 |
2014-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279279
|
- |
|
microsoft
|
outlook.com
|
The Microsoft Outlook.com application before 7.8.2.12.49.7090 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sen…
|
CWE-310
Cryptographic Issues
|
CVE-2014-5239
|
2024-11-21 11:11 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279280
|
- |
|
openssl
|
openssl
|
The ssl_set_client_disabled function in t1_lib.c in OpenSSL 1.0.1 before 1.0.1i allows remote SSL servers to cause a denial of service (NULL pointer dereference and client application crash) via a Se…
|
NVD-CWE-Other
|
CVE-2014-5139
|
2024-11-21 11:11 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
