| 278371 | - | | apple | iphone_os tvos | dyld in Apple iOS before 8.1.1 and Apple TV before 7.0.2 does not properly handle overlapping segments in Mach-O executable files, which allows local users to bypass intended code-signing restriction… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-4455 | 2024-11-21 11:10 | 2014-11-18 |
| 278372 | - | | apple | iphone_os mac_os_x | Apple iOS before 8.1.1 and OS X before 10.10.1 include location data during establishment of a Spotlight Suggestions server connection by Spotlight or Safari, which might allow remote attackers to ob… | CWE-200 Information Exposure | CVE-2014-4453 | 2024-11-21 11:10 | 2014-11-18 |
| 278373 | - | | apple | tvos iphone_os safari itunes | WebKit, as used in Apple iOS before 8.1.1 and Apple TV before 7.0.2, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a cra… | CWE-399 Resource Management Errors | CVE-2014-4452 | 2024-11-21 11:10 | 2014-11-18 |
| 278374 | - | | apple | iphone_os | Apple iOS before 8.1.1 does not properly enforce the failed-passcode limit, which makes it easier for physically proximate attackers to bypass the lock-screen protection mechanism via a series of gue… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-4451 | 2024-11-21 11:10 | 2014-11-18 |
| 278375 | 8.8 | HIGH Network | rsa | web_threat_detection | SQL injection vulnerability in EMC RSA Web Threat Detection 4.x before 4.6.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2014-4627 | 2024-11-21 11:10 | 2014-11-7 |
| 278376 | - | | wordfence_security_project | wordfence_security | Cross-site scripting (XSS) vulnerability in the Wordfence Security plugin before 5.1.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the whoisval parameter on the W… | CWE-79 Cross-site Scripting | CVE-2014-4664 | 2024-11-21 11:10 | 2014-11-7 |
| 278377 | - | | ibm | websphere_commerce | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and … | NVD-CWE-Other | CVE-2014-4834 | 2024-11-21 11:10 | 2014-11-5 |
| 278378 | - | | ibm | cognos_mobile | IBM Cognos Mobile 10.1.1 before FP3 IF1, 10.2.0 before FP2 IF1, and 10.2.1 before FP4 IF1 preserves a session between the Cognos Mobile server and the Cognos Business Intelligence server after a logo… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-4810 | 2024-11-21 11:10 | 2014-11-5 |
| 278379 | - | | ibm | websphere_commerce | IBM WebSphere Commerce 6.x through 6.0.0.11 and 7.x through 7.0.0.8 allows remote authenticated users to read arbitrary files or send TCP requests to intranet servers via XML data containing an exter… | NVD-CWE-Other | CVE-2014-4769 | 2024-11-21 11:10 | 2014-11-5 |
| 278380 | - | | ibm | tririga_application_platform | Cross-site request forgery (CSRF) vulnerability in birtviewer.query in IBM TRIRIGA Application Platform 3.2 and 3.3 before 3.3.0.2, 3.3.1 before 3.3.1.3, 3.3.2 before 3.3.2.2, and 3.4 before 3.4.0.1 … | CWE-352 Origin Validation Error | CVE-2014-4839 | 2024-11-21 11:10 | 2014-10-29 |