|
278091
|
- |
|
invensys
|
wonderware_information_server
|
SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2014-5399
|
2024-11-21 11:11 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278092
|
- |
|
invensys
|
wonderware_information_server
|
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration i…
|
CWE-20
Improper Input Validation
|
CVE-2014-5398
|
2024-11-21 11:11 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278093
|
- |
|
invensys
|
wonderware_information_server
|
Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspec…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5397
|
2024-11-21 11:11 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278094
|
- |
|
monkey-project
|
monkey
|
Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) …
|
CWE-20
Improper Input Validation
|
CVE-2014-5336
|
2024-11-21 11:11 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278095
|
- |
|
pandasecurity
|
panda_av_pro_2014
panda_internet_security_2014
panda_global_protection_2014
|
Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5307
|
2024-11-21 11:11 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278096
|
- |
|
qemu
|
qemu
|
vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infini…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5263
|
2024-11-21 11:11 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278097
|
- |
|
opendaylight
|
opendaylight
|
The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, rel…
|
NVD-CWE-Other
|
CVE-2014-5035
|
2024-11-21 11:11 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278098
|
- |
|
innovaphone
|
innovaphone_pbx
|
Multiple cross-site request forgery (CSRF) vulnerabilities in innovaphone PBX 10.00 sr11 and earlier allow remote attackers to hijack the authentication of administrators for requests that modify con…
|
CWE-352
Origin Validation Error
|
CVE-2014-5335
|
2024-11-21 11:11 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278099
|
- |
|
openstack
canonical
|
image_registry_and_delivery_service_\(glance\)
ubuntu_linux
|
OpenStack Image Registry and Delivery Service (Glance) before 2013.2.4, 2014.x before 2014.1.3, and Juno before Juno-3, when using the V2 API, does not properly enforce the image_size_cap configurati…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5356
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278100
|
- |
|
openstack
canonical
|
keystone
ubuntu_linux
|
OpenStack Identity (Keystone) 2014.1.x before 2014.1.2.1 and Juno before Juno-3 does not properly revoke tokens when a domain is invalidated, which allows remote authenticated users to retain access …
|
CWE-255
Credentials Management
|
CVE-2014-5253
|
2024-11-21 11:11 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
