| 276681 | - | cisco | secure_access_control_system | Multiple cross-site scripting (XSS) vulnerabilities in the web framework in Cisco Secure Access Control System (ACS) allow remote attackers to inject arbitrary web script or HTML via unspecified para… | CWE-79 Cross-site Scripting | CVE-2014-8028 | 2024-11-21 11:18 | 2015-01-9 |
| 276682 | - | cisco | secure_access_control_system | The RBAC component in Cisco Secure Access Control System (ACS) allows remote authenticated users to obtain Network Device Administrator privileges for Create, Delete, Read, and Update operations via … | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-8027 | 2024-11-21 11:18 | 2015-01-9 |
| 276683 | - | redhat | libvirt | The qemu implementation of virConnectGetAllDomainStats in libvirt before 1.2.11 does not properly handle locks when a domain is skipped due to ACL restrictions, which allows a remote authenticated us… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-8131 | 2024-11-21 11:18 | 2015-01-7 |
| 276684 | - | osclass | osclass | Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code b… | NVD-CWE-Other | CVE-2014-8085 | 2024-11-21 11:18 | 2015-01-6 |
| 276685 | - | osclass | osclass | Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the aja… | CWE-22 Path Traversal | CVE-2014-8084 | 2024-11-21 11:18 | 2015-01-6 |
| 276686 | - | osclass | osclass | SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription… | CWE-89 SQL Injection | CVE-2014-8083 | 2024-11-21 11:18 | 2015-01-6 |
| 276687 | - | sound_exchange_project debian oracle | sound_exchange debian_linux solaris | Multiple heap-based buffer overflows in Sound eXchange (SoX) 14.4.1 and earlier allow remote attackers to have unspecified impact via a crafted WAV file to the (1) start_read or (2) AdpcmReadBlock fu… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2014-8145 | 2024-11-21 11:18 | 2015-01-1 |
| 276688 | - | doorkeeper_project | doorkeeper | Cross-site request forgery (CSRF) vulnerability in doorkeeper before 1.4.1 allows remote attackers to hijack the authentication of unspecified victims for requests that read a user OAuth authorizatio… | CWE-352 Origin Validation Error | CVE-2014-8144 | 2024-11-21 11:18 | 2015-01-1 |
| 276689 | - | apache canonical fedoraproject oracle | http_server ubuntu_linux fedora enterprise_manager_ops_center | mod_lua.c in the mod_lua module in the Apache HTTP Server 2.3.x and 2.4.x through 2.4.10 does not support an httpd configuration in which the same Lua authorization provider is used with different ar… | CWE-863 Incorrect Authorization | CVE-2014-8109 | 2024-11-21 11:18 | 2014-12-30 |
| 276690 | - | libssh debian opensuse fedoraproject canonical | libssh debian_linux opensuse fedora ubuntu_linux | Double free vulnerability in the ssh_packet_kexinit function in kex.c in libssh 0.5.x and 0.6.x before 0.6.4 allows remote attackers to cause a denial of service via a crafted kexinit packet. | NVD-CWE-Other | CVE-2014-8132 | 2024-11-21 11:18 | 2014-12-29 |