|
278141
|
- |
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows …
|
CWE-269
Improper Privilege Management
|
CVE-2014-5207
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278142
|
- |
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intend…
|
CWE-269
Improper Privilege Management
|
CVE-2014-5206
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278143
|
- |
|
wordpress
|
wordpress
|
wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a…
|
CWE-352
Origin Validation Error
|
CVE-2014-5205
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278144
|
- |
|
debian
wordpress
|
debian_linux
wordpress
|
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote atta…
|
CWE-352
Origin Validation Error
|
CVE-2014-5204
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278145
|
- |
|
wordpress
|
wordpress
|
wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.
|
NVD-CWE-noinfo
|
CVE-2014-5203
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278146
|
- |
|
siemens
|
simatic_s7-1500_cpu_firmware
simatic_s7-1511-1_pn_cpu
simatic_s7-1513-1_pn_cpu
simatic_s7-1515-2_pn_cpu
simatic_s7-1516-3_pn\/dp_cpu
simatic_s7-1516f-3_pn\/dp_cpu
simatic_s7-1518-4_…
|
Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets.
|
NVD-CWE-noinfo
|
CVE-2014-5074
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278147
|
- |
|
xml-dt_project
|
xml-dt
|
The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.
|
CWE-59
Link Following
|
CVE-2014-5260
|
2024-11-21 11:11 |
2014-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278148
|
- |
|
biblio_autocomplete_project
|
biblio_autocomplete
|
Unspecified vulnerability in the AJAX autocompletion callback in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to access data via…
|
NVD-CWE-noinfo
|
CVE-2014-5250
|
2024-11-21 11:11 |
2014-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278149
|
- |
|
biblio_autocomplete_project
|
biblio_autocomplete
|
SQL injection vulnerability in the "Biblio self autocomplete" submodule in the Biblio Autocomplete module 6.x-1.x before 6.x-1.1 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to execu…
|
CWE-89
SQL Injection
|
CVE-2014-5249
|
2024-11-21 11:11 |
2014-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278150
|
- |
|
mybb
|
mybb
|
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.15 allows remote attackers to inject arbitrary web script or HTML via vectors related to video MyCode.
|
CWE-79
Cross-site Scripting
|
CVE-2014-5248
|
2024-11-21 11:11 |
2014-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
