|
279881
|
- |
|
lxml
|
lxml
|
Incomplete blacklist vulnerability in the lxml.html.clean module in lxml before 3.3.5 allows remote attackers to conduct cross-site scripting (XSS) attacks via control characters in the link scheme t…
|
NVD-CWE-Other
|
CVE-2014-3146
|
2024-11-21 11:07 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279882
|
- |
|
cobblerd
|
cobbler
|
Absolute path traversal vulnerability in the web interface in Cobbler 2.4.x through 2.6.x allows remote authenticated users to read arbitrary files via the Kickstart field in a profile.
|
CWE-22
Path Traversal
|
CVE-2014-3225
|
2024-11-21 11:07 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279883
|
- |
|
debian
|
dpkg
|
dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error…
|
CWE-22
Path Traversal
|
CVE-2014-3127
|
2024-11-21 11:07 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279884
|
- |
|
marc_lehmann
|
rxvt-unicode
|
rxvt-unicode before 9.20 does not properly handle OSC escape sequences, which allows user-assisted remote attackers to manipulate arbitrary X window properties and execute arbitrary commands.
|
CWE-78
OS Command
|
CVE-2014-3121
|
2024-11-21 11:07 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279885
|
- |
|
o-dyn
|
collabtive
|
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.
|
CWE-89
SQL Injection
|
CVE-2014-3246
|
2024-11-21 11:07 |
2014-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279886
|
- |
|
open_assessment_technologies_
|
tao
|
Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote attackers to hijack the authentication of administrators for requests that create administrativ…
|
CWE-352
Origin Validation Error
|
CVE-2014-2989
|
2024-11-21 11:07 |
2014-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279887
|
- |
|
makina-corpus
|
soappy
|
SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted SOAP request containing…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3243
|
2024-11-21 11:07 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279888
|
- |
|
makina-corpus
|
soappy
|
SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (…
|
CWE-200
Information Exposure
|
CVE-2014-3242
|
2024-11-21 11:07 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279889
|
- |
|
f5
|
big-ip_webaccelerator
big-ip_local_traffic_manager
big-ip_protocol_security_module
big-ip_link_controller
big-ip_application_security_manager
big-ip_global_traffic_manager
big-ip_wa…
|
The iControl API in F5 BIG-IP LTM, APM, ASM, GTM, Link Controller, and PSM 10.0.0 through 10.2.4 and 11.0.0 through 11.5.1, BIG-IP AAM 11.4.0 through 11.5.1, BIG-IP AFM and PEM 11.3.0 through 11.5.1,…
|
NVD-CWE-Other
|
CVE-2014-2928
|
2024-11-21 11:07 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279890
|
- |
|
linux
oracle
canonical
debian
|
linux_kernel
linux
ubuntu_linux
debian_linux
|
The BPF_S_ANC_NLATTR_NEST extension implementation in the sk_run_filter function in net/core/filter.c in the Linux kernel through 3.14.3 uses the reverse order in a certain subtraction, which allows …
|
CWE-125
Out-of-bounds Read
|
CVE-2014-3145
|
2024-11-21 11:07 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
