|
277671
|
- |
|
linux
|
linux_kernel
|
Stack consumption vulnerability in the parse_rock_ridge_inode_internal function in fs/isofs/rock.c in the Linux kernel through 3.16.1 allows local users to cause a denial of service (uncontrolled rec…
|
CWE-399
Resource Management Errors
|
CVE-2014-5471
|
2024-11-21 11:12 |
2014-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277672
|
- |
|
php-sqrl_project
|
php-sqrl
|
SQL injection vulnerability in sqrl_verify.php in php-sqrl allows remote attackers to execute arbitrary SQL commands via the message parameter.
|
CWE-89
SQL Injection
|
CVE-2014-5458
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277673
|
- |
|
qnap
|
ts-469u_firmware
ts-469u
ts-ec1679u-rp_firmware
ts-ec1679u-rp
ts-459u_firmware
ts-459u
ss-839_firmware
ss-839
|
QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed pass…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5457
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277674
|
- |
|
social_stats_project
|
social_stats
|
Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5456
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277675
|
- |
|
privatetunnel
openvpn
|
privatetunnel
openvpn
|
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2014-5455
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277676
|
- |
|
sas
|
visual_analytics
|
Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable exte…
|
NVD-CWE-Other
|
CVE-2014-5454
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277677
|
- |
|
ubi
|
uplay_pc
|
Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privil…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5453
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277678
|
7.5 |
HIGH
Network
|
tripodworks
|
gigapod_officehard_firmware
gigapod_2010_firmware
gigapod_3_firmware
|
GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation.
8001/tcp is served by a versio…
|
NVD-CWE-noinfo
|
CVE-2014-5329
|
2024-11-21 11:11 |
2023-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277679
|
9.8 |
CRITICAL
Network
|
redhat
|
ansible
|
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as d…
|
CWE-74
Injection
|
CVE-2014-4967
|
2024-11-21 11:11 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277680
|
9.8 |
CRITICAL
Network
|
redhat
|
ansible
|
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code …
|
CWE-74
Injection
|
CVE-2014-4966
|
2024-11-21 11:11 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
