|
276641
|
- |
|
subex
|
roc_fraud_management_system
|
SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL comman…
|
CWE-89
SQL Injection
|
CVE-2014-8728
|
2024-11-21 11:19 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276642
|
- |
|
enalean
|
tuleap
|
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code vi…
|
CWE-94
Code Injection
|
CVE-2014-8791
|
2024-11-21 11:19 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276643
|
- |
|
redhat
xen
debian
opensuse
|
enterprise_linux
enterprise_linux_desktop
xen
debian_linux
opensuse
|
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM…
|
CWE-17
Code
|
CVE-2014-8867
|
2024-11-21 11:19 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276644
|
- |
|
debian
xen
opensuse
|
debian_linux
xen
opensuse
|
The compatibility mode hypercall argument translation in Xen 3.3.x through 4.4.x, when running on a 64-bit hypervisor, allows local 32-bit HVM guests to cause a denial of service (host crash) via vec…
|
CWE-17
Code
|
CVE-2014-8866
|
2024-11-21 11:19 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276645
|
- |
|
ait-pro
|
bulletproof_security
|
Server-side request forgery (SSRF) vulnerability in admin/htaccess/bpsunlock.php in the BulletProof Security plugin before .51.1 for WordPress allows remote attackers to trigger outbound requests tha…
|
NVD-CWE-noinfo
|
CVE-2014-8749
|
2024-11-21 11:19 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276646
|
- |
|
linux
|
linux_kernel
|
Stack-based buffer overflow in the ttusbdecfe_dvbs_diseqc_send_master_cmd function in drivers/media/usb/ttusb-dec/ttusbdecfe.c in the Linux kernel before 3.17.4 allows local users to cause a denial o…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-8884
|
2024-11-21 11:19 |
2014-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276647
|
- |
|
strangerstudios
|
paid_memberships_pro
|
Directory traversal vulnerability in services/getfile.php in the Paid Memberships Pro plugin before 1.7.15 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the QUER…
|
CWE-22
Path Traversal
|
CVE-2014-8801
|
2024-11-21 11:19 |
2014-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276648
|
- |
|
dukapress
|
dukapress
|
Directory traversal vulnerability in the dp_img_resize function in php/dp-functions.php in the DukaPress plugin before 2.5.4 for WordPress allows remote attackers to read arbitrary files via a .. (do…
|
CWE-22
Path Traversal
|
CVE-2014-8799
|
2024-11-21 11:19 |
2014-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276649
|
- |
|
xavoc
|
xepan_cms
|
Cross-site request forgery (CSRF) vulnerability in Xavoc Technocrats xEpan CMS 1.0.4.1, 1.0.4, 1.0.1, and earlier allows remote attackers to hijack the authentication of administrators for requests t…
|
CWE-352
Origin Validation Error
|
CVE-2014-8429
|
2024-11-21 11:19 |
2014-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276650
|
- |
|
arris
|
vap2500_firmware
|
The management portal in ARRIS VAP2500 before FW08.41 allows remote attackers to obtain credentials by reading the configuration files.
|
CWE-200
Information Exposure
|
CVE-2014-8425
|
2024-11-21 11:19 |
2014-11-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
