|
279241
|
- |
|
hl7
|
c-cda
|
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody ele…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3861
|
2024-11-21 11:09 |
2014-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279242
|
- |
|
amazon
|
kindle
|
The Amazon.com Kindle application before 4.5.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive informat…
|
CWE-310
Cryptographic Issues
|
CVE-2014-3908
|
2024-11-21 11:09 |
2014-08-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279243
|
- |
|
vmware
|
vm-support
workstation
tools
|
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, uses 0644 permissions for the vm-support archive, which allows local users to obtain sensiti…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4200
|
2024-11-21 11:09 |
2014-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279244
|
- |
|
vmware
|
vm-support
workstation
tools
|
vm-support 0.88 in VMware Tools, as distributed with VMware Workstation through 10.0.3 and other products, allows local users to write to arbitrary files via a symlink attack on a file in /tmp.
|
CWE-59
Link Following
|
CVE-2014-4199
|
2024-11-21 11:09 |
2014-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279245
|
- |
|
mailpoet
|
mailpoet_newsletters
|
Cross-site request forgery (CSRF) vulnerability in the MailPoet Newsletters (wysija-newsletters) plugin before 2.6.11 for WordPress allows remote attackers to hijack the authentication of arbitrary u…
|
CWE-352
Origin Validation Error
|
CVE-2014-3907
|
2024-11-21 11:09 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279246
|
- |
|
little_kernel_project
|
little_kernel_bootloader
|
The cmd_boot function in app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows…
|
CWE-287
Improper Authentication
|
CVE-2014-4325
|
2024-11-21 11:09 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279247
|
- |
|
bssys
|
rbs_bs-client
|
Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allow remote attackers to execute arbitrary SQL commands via the (1) CARDS or (2) XACTION parameter.
|
CWE-89
SQL Injection
|
CVE-2014-4197
|
2024-11-21 11:09 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279248
|
- |
|
freebsd
netbsd
|
freebsd
netbsd
|
The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the…
|
NVD-CWE-Other
|
CVE-2014-3951
|
2024-11-21 11:09 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279249
|
- |
|
kk-osk
|
advance-flow
advance-flow_forms
|
SQL injection vulnerability in OSK Advance-Flow 4.41 and earlier and Advance-Flow Forms 4.41 and earlier allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2014-3906
|
2024-11-21 11:09 |
2014-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279250
|
- |
|
jayj
|
cakifo
|
Cross-site scripting (XSS) vulnerability in the Cakifo theme 1.x before 1.6.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via crafted Exif data.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3903
|
2024-11-21 11:09 |
2014-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
