|
277331
|
- |
|
fedoraproject
apple
joyent
|
fedora
xcode
node.js
|
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as d…
|
CWE-22
Path Traversal
|
CVE-2014-6394
|
2024-11-21 11:14 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277332
|
- |
|
openinfosecfoundation
|
suricata
|
The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other…
|
CWE-399
Resource Management Errors
|
CVE-2014-6603
|
2024-11-21 11:14 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277333
|
- |
|
gopro
|
gopro_hero_firmware
gopro_hero
|
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action.
|
CWE-78
OS Command
|
CVE-2014-6434
|
2024-11-21 11:14 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277334
|
- |
|
gopro
|
gopro_hero_firmware
gopro_hero
|
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action.
|
CWE-94
Code Injection
|
CVE-2014-6433
|
2024-11-21 11:14 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277335
|
- |
|
mmonit
|
m\/monit
|
M/Monit 3.3.2 and earlier does not verify the original password before changing passwords, which allows remote attackers to change the password of other users and gain privileges via the fullname and…
|
CWE-255
Credentials Management
|
CVE-2014-6607
|
2024-11-21 11:14 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277336
|
- |
|
mmonit
|
m\/monit
|
Cross-site request forgery (CSRF) vulnerability in M/Monit 3.3.2 and earlier allows remote attackers to hijack the authentication of administrators for requests that change user passwords via the ful…
|
CWE-352
Origin Validation Error
|
CVE-2014-6409
|
2024-11-21 11:14 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277337
|
- |
|
phpcompta
|
phpcompta\/noalyss
|
backup.php in PHPCompta/NOALYSS before 6.7.2 allows remote attackers to execute arbitrary commands via shell metacharacters in the d parameter.
|
CWE-94
Code Injection
|
CVE-2014-6389
|
2024-11-21 11:14 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277338
|
- |
|
mm_forum_project
|
mm_forum
|
Cross-site request forgery (CSRF) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to hijack the authentication of users for requests that create posts via unspe…
|
CWE-352
Origin Validation Error
|
CVE-2014-6299
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277339
|
- |
|
mm_forum_project
|
mm_forum
|
Unrestricted file upload vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then access…
|
CWE-94
Code Injection
|
CVE-2014-6298
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277340
|
- |
|
mm_forum_project
|
mm_forum
|
Cross-site scripting (XSS) vulnerability in the mm_forum extension before 1.9.3 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-6297
|
2024-11-21 11:14 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
