|
280331
|
- |
|
facebook
|
hiphop_virtual_machine
|
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypa…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2209
|
2024-11-21 11:05 |
2014-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280332
|
- |
|
facebook
|
hiphop_virtual_machine
|
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbit…
|
CWE-94
Code Injection
|
CVE-2014-2208
|
2024-11-21 11:05 |
2014-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280333
|
- |
|
telerik
|
ui_for_asp.net_ajax
|
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and conse…
|
CWE-22
Path Traversal
|
CVE-2014-2217
|
2024-11-21 11:05 |
2014-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280334
|
- |
|
unitedplanet
|
intrexx
|
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2026
|
2024-11-21 11:05 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280335
|
- |
|
huawei
|
p2-6011_firmware
|
The hx170dec device driver in Huawei P2-6011 before V100R001C00B043 allows local users to read and write to arbitrary memory locations via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2273
|
2024-11-21 11:05 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280336
|
- |
|
infoware
|
mapsuite
|
Server-side request forgery (SSRF) vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to trigger requests to intranet servers via unspecifi…
|
NVD-CWE-Other
|
CVE-2014-2233
|
2024-11-21 11:05 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280337
|
- |
|
infoware
|
mapsuite
|
Absolute path traversal vulnerability in the MapAPI in Infoware MapSuite before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to read arbitrary files via unspecified vectors.
|
CWE-21
Pathname Traversal and Equivalence Errors
|
CVE-2014-2232
|
2024-11-21 11:05 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280338
|
- |
|
xelerance
|
openswan
|
Openswan 2.6.40 allows remote attackers to cause a denial of service (NULL pointer dereference and IKE daemon restart) via IKEv2 packets that lack expected payloads. NOTE: this vulnerability exists …
|
CWE-20
Improper Input Validation
|
CVE-2014-2037
|
2024-11-21 11:05 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280339
|
- |
|
vtiger
|
vtiger_crm
|
views/Index.php in the Install module in vTiger 6.0 before Security Patch 2 does not properly restrict access, which allows remote attackers to re-install the application via a request that sets the …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2268
|
2024-11-21 11:05 |
2014-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280340
|
- |
|
cisco
|
rv180_firmware
rv180
rv180w
rv120w_firmware
rv120w
rv220w_firmware
rv220w
|
The Cisco RV router firmware on RV220W devices, before 1.0.5.9 on RV120W devices, and before 1.0.4.14 on RV180 and RV180W devices allows remote attackers to upload files to arbitrary locations via a …
|
CWE-20
Improper Input Validation
|
CVE-2014-2179
|
2024-11-21 11:05 |
2014-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
