|
280631
|
- |
|
apache
adobe
|
cordova
phonegap
|
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1881
|
2024-11-21 11:05 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280632
|
- |
|
synology
|
diskstation_manager
|
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.
|
CWE-255
CWE-200
Credentials Management
Information Exposure
|
CVE-2014-2264
|
2024-11-21 11:05 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280633
|
- |
|
cmsmadesimple
|
cms_made_simple
|
Cross-site scripting (XSS) vulnerability in lib/filemanager/ImageManager/editorFrame.php in CMS Made Simple 1.11.10 allows remote attackers to inject arbitrary web script or HTML via the action param…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2092
|
2024-11-21 11:05 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280634
|
- |
|
atutor
|
atutor
|
Cross-site scripting (XSS) vulnerability in mods/_standard/forums/admin/forum_add.php in ATutor 2.1.1 allows remote authenticated administrators to inject arbitrary web script or HTML via the title p…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2091
|
2024-11-21 11:05 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280635
|
- |
|
ilias
|
ilias
|
Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title para…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2090
|
2024-11-21 11:05 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280636
|
- |
|
ilias
|
ilias
|
ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname.
|
CWE-94
Code Injection
|
CVE-2014-2089
|
2024-11-21 11:05 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280637
|
- |
|
ilias
|
ilias
|
Unrestricted file upload vulnerability in ilias.php in ILIAS 4.4.1 allows remote authenticated users to execute arbitrary PHP code by using a .php filename in an upload_files action to the uploadFile…
|
NVD-CWE-Other
|
CVE-2014-2088
|
2024-11-21 11:05 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280638
|
- |
|
bluecoat
|
proxysgos
|
The caching feature in SGOS in Blue Coat ProxySG 5.5 through 5.5.11.3, 6.1 through 6.1.6.3, 6.2 through 6.2.15.3, 6.4 through 6.4.6.1, and 6.3 and 6.5 before 6.5.4 allows remote authenticated users t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2033
|
2024-11-21 11:05 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280639
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in the formatHTML function in includes/api/ApiFormatBase.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 allows rem…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2244
|
2024-11-21 11:05 |
2014-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280640
|
- |
|
mediawiki
|
mediawiki
|
includes/User.php in MediaWiki before 1.19.12, 1.20.x and 1.21.x before 1.21.6, and 1.22.x before 1.22.3 terminates validation of a user token upon encountering the first incorrect character, which m…
|
CWE-362
Race Condition
|
CVE-2014-2243
|
2024-11-21 11:05 |
2014-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
