|
280071
|
- |
|
skyphe
|
file-gallery
|
The File Gallery plugin before 1.7.9.2 for WordPress does not properly escape strings, which allows remote administrators to execute arbitrary PHP code via a \' (backslash quote) in the setting field…
|
CWE-94
Code Injection
|
CVE-2014-2558
|
2024-11-21 11:06 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280072
|
- |
|
amtelco
|
misecuremessages
|
Amtelco miSecureMessages (aka MSM) 6.2 does not properly manage sessions, which allows remote authenticated users to obtain sensitive information via a modified message request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2347
|
2024-11-21 11:06 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280073
|
- |
|
dynamixsolutions
|
arabic_prawn
|
lib/string_utf_support.rb in the Arabic Prawn 0.0.1 gem for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) downloaded_file or (2) url variable.
|
NVD-CWE-Other
|
CVE-2014-2322
|
2024-11-21 11:06 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280074
|
- |
|
bluecoat
|
content_analysis_system_software
content_analysis_system
|
The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injecti…
|
CWE-78
OS Command
|
CVE-2014-2565
|
2024-11-21 11:06 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280075
|
- |
|
tibco
|
slingshot
vault
managed_file_transfer_command_center
managed_file_transfer_internet_server
|
TIBCO Managed File Transfer Internet Server before 7.2.2, Managed File Transfer Command Center before 7.2.2, Slingshot before 1.9.1, and Vault before 1.0.1 allow remote attackers to obtain sensitive …
|
CWE-200
Information Exposure
|
CVE-2014-2545
|
2024-11-21 11:06 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280076
|
- |
|
videowhisper
|
videowhisper
|
Multiple cross-site scripting (XSS) vulnerabilities in vwrooms\templates\logout.tpl.php in the VideoWhisper Webcam plugins for Drupal 7.x allow remote attackers to inject arbitrary web script or HTML…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2715
|
2024-11-21 11:06 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280077
|
- |
|
papercut
|
papercut_ng
papercut_mf
|
Unspecified vulnerability in Papercut MF and NG before 14.1 (Build 26983) allows attacker to cause a denial of service via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2014-2658
|
2024-11-21 11:06 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280078
|
- |
|
papercut
|
papercut_mf
|
Unspecified vulnerability in the print release functionality in PaperCut MF before 14.1 (Build 26983) has unknown impact and remote vectors, related to embedded MFPs.
|
NVD-CWE-noinfo
|
CVE-2014-2657
|
2024-11-21 11:06 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280079
|
- |
|
dompdf
|
dompdf
|
dompdf.php in dompdf before 0.6.1, when DOMPDF_ENABLE_PHP is enabled, allows context-dependent attackers to bypass chroot protections and read arbitrary files via a PHP protocol and wrappers in the i…
|
CWE-200
Information Exposure
|
CVE-2014-2383
|
2024-11-21 11:06 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280080
|
- |
|
net-snmp
|
net-snmp
|
The perl_trapd_handler function in perl/TrapReceiver/TrapReceiver.xs in Net-SNMP 5.7.3.pre3 and earlier, when using certain Perl versions, allows remote attackers to cause a denial of service (snmptr…
|
CWE-20
Improper Input Validation
|
CVE-2014-2285
|
2024-11-21 11:06 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
