|
279731
|
- |
|
caldera
|
caldera
|
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified …
|
CWE-94
Code Injection
|
CVE-2014-2936
|
2024-11-21 11:07 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279732
|
- |
|
caldera
|
caldera
|
costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.
|
CWE-78
OS Command
|
CVE-2014-2935
|
2024-11-21 11:07 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279733
|
- |
|
caldera
|
caldera
|
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
|
CWE-89
SQL Injection
|
CVE-2014-2934
|
2024-11-21 11:07 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279734
|
- |
|
caldera
|
caldera
|
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname.
|
CWE-22
Path Traversal
|
CVE-2014-2933
|
2024-11-21 11:07 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279735
|
- |
|
xen
|
xen
|
The HVMOP_set_mem_type control in Xen 4.1 through 4.4.x allows local guest HVM administrators to cause a denial of service (hypervisor crash) or possibly execute arbitrary code by leveraging a separa…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3124
|
2024-11-21 11:07 |
2014-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279736
|
- |
|
opensuse
nagios
|
opensuse
remote_plugin_executor
|
Incomplete blacklist vulnerability in nrpe.c in Nagios Remote Plugin Executor (NRPE) 2.15 and earlier allows remote attackers to execute arbitrary commands via a newline character in the -a option to…
|
NVD-CWE-Other
|
CVE-2014-2913
|
2024-11-21 11:07 |
2014-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279737
|
- |
|
debian
strongswan
|
strongswan
|
strongSwan before 5.1.2 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon crash) via a crafted ID_DER_ASN1_DN ID payload.
|
NVD-CWE-Other
|
CVE-2014-2891
|
2024-11-21 11:07 |
2014-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279738
|
- |
|
ayatana_project
canonical
|
unity
ubuntu_linux
|
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly handle keyboard shortcuts, which allows physically proximate attackers to bypass the lock screen and execute arbitrary commands, as demo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3204
|
2024-11-21 11:07 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279739
|
- |
|
ayatana_project
canonical
|
unity
ubuntu_linux
|
Unity before 7.2.1, as used in Ubuntu 14.04, does not properly restrict access to the Dash when the lock screen is active, which allows physically proximate attackers to bypass the lock screen and ex…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3203
|
2024-11-21 11:07 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279740
|
- |
|
ayatana_project
|
unity
|
Unity before 7.2.1 does not properly handle entry activation, which allows physically proximate attackers to bypass the lock screen by holding the ENTER key, which triggers the process to crash.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3202
|
2024-11-21 11:07 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
