|
280371
|
- |
|
piwigo
|
piwigo
|
Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif me…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1980
|
2024-11-21 11:05 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280372
|
- |
|
microsoft
|
sql_server
|
Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1820
|
2024-11-21 11:05 |
2014-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280373
|
- |
|
microsoft
|
windows_server_2008
windows_server_2012
windows_rt
windows_8.1
windows_7
windows_rt_8.1
windows_vista
windows_8
windows_server_2003
|
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1819
|
2024-11-21 11:05 |
2014-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280374
|
- |
|
microsoft
|
windows_server_2008
windows_server_2012
windows_rt
windows_8.1
windows_7
windows_rt_8.1
windows_vista
windows_8
windows_server_2003
|
The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1814
|
2024-11-21 11:05 |
2014-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280375
|
- |
|
ui
|
unifi_controller
|
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-2226
|
2024-11-21 11:05 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280376
|
- |
|
ui
|
unifi_video
|
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2227
|
2024-11-21 11:05 |
2014-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280377
|
- |
|
fuelphp
|
fuelphp
|
The auto-format feature in the Request_Curl class in FuelPHP 1.1 through 1.7.1 allows remote attackers to execute arbitrary code via a crafted response.
|
CWE-94
Code Injection
|
CVE-2014-1999
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280378
|
- |
|
cybozu
|
garoon
|
Cybozu Garoon 3.7 before SP4 allows remote authenticated users to bypass intended access restrictions, and execute arbitrary code or cause a denial of service, via an API call.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1996
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280379
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the Map search functionality in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspe…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1995
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280380
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the Notices portlet in Cybozu Garoon 2.x and 3.x before 3.7 SP4 allows remote authenticated users to inject arbitrary web script or HTML via unspecified ve…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1994
|
2024-11-21 11:05 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
