|
276771
|
- |
|
redhat
|
resteasy
|
DocumentProvider in RESTEasy 2.3.7 and 3.0.9 does not configure the (1) external-general-entities or (2) external-parameter-entities features, which allows remote attackers to conduct XML external en…
|
CWE-20
Improper Input Validation
|
CVE-2014-7839
|
2024-11-21 11:18 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276772
|
- |
|
liferay
|
liferay_portal
|
Cross-site scripting (XSS) vulnerability in Liferay Portal Enterprise Edition (EE) 6.2 SP8 and earlier allows remote authenticated users to inject arbitrary web script or HTML via the _20_body parame…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8349
|
2024-11-21 11:18 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276773
|
- |
|
openstack
fedoraproject
redhat
|
neutron
fedora
openstack
|
OpenStack Neutron before 2014.1.4 and 2014.2.x before 2014.2.1 allows remote authenticated users to cause a denial of service (crash) via a crafted dns_nameservers value in the DNS configuration.
|
CWE-20
CWE-399
Improper Input Validation
Resource Management Errors
|
CVE-2014-7821
|
2024-11-21 11:18 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276774
|
- |
|
canonical
debian
gnu
opensuse
|
ubuntu_linux
debian_linux
glibc
opensuse
|
The wordexp function in GNU C Library (aka glibc) 2.21 does not enforce the WRDE_NOCMD flag, which allows context-dependent attackers to execute arbitrary commands, as demonstrated by input containin…
|
CWE-20
Improper Input Validation
|
CVE-2014-7817
|
2024-11-21 11:18 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276775
|
- |
|
moodle
|
moodle
|
lib/phpunit/bootstrap.php in Moodle 2.6.x before 2.6.6 and 2.7.x before 2.7.3 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error mes…
|
CWE-200
Information Exposure
|
CVE-2014-7848
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276776
|
- |
|
moodle
|
moodle
|
iplookup/index.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote attackers to cause a denial of service (resource consumption) by triggering t…
|
CWE-399
Resource Management Errors
|
CVE-2014-7847
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276777
|
- |
|
moodle
|
moodle
|
tag/tag_autocomplete.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not consider the moodle/tag:edit capability before adding a tag, which allows re…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7846
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276778
|
- |
|
moodle
|
moodle
|
The generate_password function in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide a sufficient number of possible temporary passwords, which all…
|
CWE-255
Credentials Management
|
CVE-2014-7845
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276779
|
- |
|
moodle
|
moodle
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Forum module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allow remote attackers to hijac…
|
CWE-352
Origin Validation Error
|
CVE-2014-7838
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276780
|
- |
|
moodle
|
moodle
|
mod/wiki/admin.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 allows remote authenticated users to remove wiki pages by leveraging delete access within a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7837
|
2024-11-21 11:18 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
