|
278081
|
- |
|
iii
|
sierra
|
Cross-site scripting (XSS) vulnerability in Innovative Interfaces Sierra Library Services Platform 1.2_3 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2014-5136
|
2024-11-21 11:11 |
2014-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278082
|
- |
|
labanquepostale
|
labanquepostale
|
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banki…
|
CWE-200
Information Exposure
|
CVE-2014-5076
|
2024-11-21 11:11 |
2014-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278083
|
- |
|
spi-inc
|
ganeti
|
The _UpgradeBeforeConfigurationChange function in lib/client/gnt_cluster.py in Ganeti 2.10.0 before 2.10.7 and 2.11.0 before 2.11.5 uses world-readable permissions for the configuration backup file, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5247
|
2024-11-21 11:11 |
2014-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278084
|
- |
|
xen
|
xen
|
Xen 4.4.x, when running a 64-bit kernel on an ARM system, does not properly handle traps from the guest domain that use a different address width, which allows local guest users to cause a denial of …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5147
|
2024-11-21 11:11 |
2014-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278085
|
- |
|
gnu
debian
|
glibc
debian_linux
|
Off-by-one error in the __gconv_translit_find function in gconv_trans.c in GNU C Library (aka glibc) allows context-dependent attackers to cause a denial of service (crash) or execute arbitrary code …
|
CWE-189
Numeric Errors
|
CVE-2014-5119
|
2024-11-21 11:11 |
2014-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278086
|
- |
|
vmturbo
|
operations_manager
|
vmtadmin.cgi in VMTurbo Operations Manager before 4.6 build 28657 allows remote attackers to execute arbitrary commands via shell metacharacters in the fileDate parameter in a DOWN call.
|
NVD-CWE-Other
|
CVE-2014-5073
|
2024-11-21 11:11 |
2014-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278087
|
- |
|
wordpress_mobile_pack_project
wpmobilepack
|
wordpress_mobile_pack
|
The WordPress Mobile Pack plugin before 2.0.2 for WordPress does not properly restrict access to password protected posts, which allows remote attackers to obtain sensitive information via an exporta…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5337
|
2024-11-21 11:11 |
2014-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278088
|
- |
|
iii
|
encore_discovery_solution
|
Innovative Interfaces Encore Discovery Solution 4.3 places a session token in the URI, which might allow remote attackers to obtain sensitive information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2014-5128
|
2024-11-21 11:11 |
2014-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278089
|
- |
|
iii
|
encore_discovery_solution
|
Open redirect vulnerability in Innovative Interfaces Encore Discovery Solution 4.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspec…
|
NVD-CWE-Other
|
CVE-2014-5127
|
2024-11-21 11:11 |
2014-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278090
|
- |
|
zohocorp
|
manageengine_eventlog_analyzer
|
Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4930
|
2024-11-21 11:11 |
2014-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
