| 277711 | 9.8 CRITICAL | Network | senkas_kolibri_project | senkas_kolibri | Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request. | CWE-20 Improper Input Validation | CVE-2014-5289 | 2024-11-21 11:11 | 2019-12-28 |
| 277712 | 6.1 MEDIUM | Network | zend debian | zend_framework debian_linux | ZF2014-03 has a potential cross site scripting vector in multiple view helpers | CWE-79 Cross-site Scripting | CVE-2014-4913 | 2024-11-21 11:11 | 2019-12-16 |
| 277713 | 7.0 HIGH | Local | xcfa_project debian | xcfa debian_linux | xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254. | CWE-362 Race Condition | CVE-2014-5255 | 2024-11-21 11:11 | 2019-11-22 |
| 277714 | 4.7 MEDIUM | Local | xcfa_project | xcfa | xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. | CWE-362 Race Condition | CVE-2014-5254 | 2024-11-21 11:11 | 2019-11-22 |
| 277715 | 5.5 MEDIUM | Local | trusted_boot_project redhat fedoraproject | trusted_boot enterprise_linux fedora | Trusted Boot (tboot) before 1.8.2 has a 'loader.c' Security Bypass Vulnerability | CWE-20 Improper Input Validation | CVE-2014-5118 | 2024-11-21 11:11 | 2019-11-19 |
| 277716 | 9.8 CRITICAL | Network | hospira | mednet | Hospira MedNet software version 5.8 and prior uses vulnerable versions of the JBoss Enterprise Application Platform software that may allow unauthenticated users to execute arbitrary code on the targ… | CWE-94 Code Injection | CVE-2014-5401 | 2024-11-21 11:11 | 2019-03-27 |
| 277717 | 6.1 MEDIUM | Network | wordfence | wordfence_security | Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.5 for WordPress allows remote attackers to inject arbitrary web script or HTML via the val parameter to whois.php. | CWE-79 Cross-site Scripting | CVE-2014-4932 | 2024-11-21 11:11 | 2018-08-29 |
| 277718 | 7.8 HIGH | Local | opensuse mdadm_project | opensuse mdadm | The mdcheck script of the mdadm package for openSUSE 13.2 prior to version 3.3.1-5.14.1 does not properly sanitize device names, which allows local attackers to execute arbitrary commands as root. | CWE-77 Command Injection | CVE-2014-5220 | 2024-11-21 11:11 | 2018-06-9 |
| 277719 | 9.8 CRITICAL | Network | tinywebgallery | wordpress_flash_uploader | The WordPress Flash Uploader plugin before 3.1.3 for WordPress allows remote attackers to execute arbitrary commands via vectors related to invalid characters in image_magic_path. | CWE-77 Command Injection | CVE-2014-5014 | 2024-11-21 11:11 | 2018-04-26 |
| 277720 | 8.8 HIGH | Network | wpsecurityauditlog | wp_security_audit_log | Cross-site request forgery (CSRF) vulnerability in WP Security Audit Log plugin before 1.2.5 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vect… | CWE-352 Origin Validation Error | CVE-2014-5072 | 2024-11-21 11:11 | 2018-04-7 |