|
278201
|
- |
|
apple
canonical
|
cups
ubuntu_linux
|
The web interface in CUPS before 2.0 does not check that files have world-readable permissions, which allows remote attackers to obtains sensitive information via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5031
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278202
|
- |
|
canonical
apple
|
ubuntu_linux
cups
|
CUPS before 2.0 allows local users to read arbitrary files via a symlink attack on (1) index.html, (2) index.class, (3) index.pl, (4) index.php, (5) index.pyc, or (6) index.py.
|
CWE-59
Link Following
|
CVE-2014-5030
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278203
|
- |
|
apple
canonical
|
cups
ubuntu_linux
|
The web interface in CUPS 1.7.4 allows local users in the lp group to read arbitrary files via a symlink attack on a file in /var/cache/cups/rss/ and language[0] set to null. NOTE: this vulnerabilit…
|
CWE-59
Link Following
|
CVE-2014-5029
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278204
|
- |
|
canonical
fedoraproject
gentoo
transmissionbt
|
ubuntu_linux
fedora
linux
transmission
|
Integer overflow in the tr_bitfieldEnsureNthBitAlloced function in bitfield.c in Transmission before 2.84 allows remote attackers to cause a denial of service and possibly execute arbitrary code via …
|
CWE-189
Numeric Errors
|
CVE-2014-4909
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278205
|
- |
|
visualware
|
myconnection_server
|
Multiple cross-site scripting (XSS) vulnerabilities in test.php in Visualware MyConnection Server 9.7i allow remote attackers to inject arbitrary web script or HTML via the (1) testtype, (2) ver, (3)…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5113
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278206
|
- |
|
netfortris
|
trixbox
|
maint/modules/home/index.php in Fonality trixbox allows remote attackers to execute arbitrary commands via shell metacharacters in the lang parameter.
|
CWE-94
Code Injection
|
CVE-2014-5112
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278207
|
- |
|
netfortris
|
trixbox
|
Multiple directory traversal vulnerabilities in Fonality trixbox allow remote attackers to read arbitrary files via a .. (dot dot) in the lang parameter to (1) home/index.php, (2) asterisk_info/aster…
|
CWE-22
Path Traversal
|
CVE-2014-5111
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278208
|
- |
|
netfortris
|
trixbox
|
Cross-site scripting (XSS) vulnerability in user/help/html/index.php in Fonality trixbox allows remote attackers to inject arbitrary web script or HTML via the id_nodo parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-5110
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278209
|
- |
|
netfortris
|
trixbox
|
SQL injection vulnerability in maint/modules/endpointcfg/endpoint_generic.php in Fonality trixbox allows remote attackers to execute arbitrary SQL commands via the mac parameter in a Submit action.
|
CWE-89
SQL Injection
|
CVE-2014-5109
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278210
|
- |
|
concrete5
concretecms
|
concrete5
concrete_cms
|
Cross-site scripting (XSS) vulnerability in single_pages\download_file.php in concrete5 before 5.6.3 allows remote attackers to inject arbitrary web script or HTML via the HTTP Referer header to inde…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5108
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
