|
279421
|
9.8 |
CRITICAL
Network
|
musl-libc
|
musl
|
Multiple stack-based buffer overflows in the __dn_expand function in network/dn_expand.c in musl libc 1.1x before 1.1.2 and 0.9.13 through 1.0.3 allow remote attackers to (1) have unspecified impact …
|
CWE-787
Out-of-bounds Write
|
CVE-2014-3484
|
2024-11-21 11:08 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279422
|
9.8 |
CRITICAL
Network
|
php
|
php
|
Use-after-free vulnerability in the add_post_var function in the Posthandler component in PHP 5.6.x before 5.6.1 might allow remote attackers to execute arbitrary code by leveraging a third-party fil…
|
CWE-416
Use After Free
|
CVE-2014-3622
|
2024-11-21 11:08 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279423
|
5.4 |
MEDIUM
Network
|
mybb
|
mybb
|
Multiple cross-site scripting (XSS) vulnerabilities in the MyBB (aka MyBulletinBoard) before 1.8.4 allow remote authenticated users to inject arbitrary web script or HTML via the title parameter in t…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3827
|
2024-11-21 11:08 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279424
|
5.4 |
MEDIUM
Network
|
mybb
|
mybb
|
Cross-site scripting (XSS) vulnerability in MyBB before 1.6.13 allows remote authenticated users to inject arbitrary web script or HTML via the name parameter in the edit action of the config-profile…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3826
|
2024-11-21 11:08 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279425
|
6.1 |
MEDIUM
Network
|
nokia
|
1830_photonic_service_switch-4_firmware
1830_photonic_service_switch-16_firmware
1830_photonic_service_switch-32_firmware
|
Cross-site scripting (XSS) vulnerability in the management interface in Alcatel-Lucent 1830 Photonic Service Switch (PSS) 6.0 and earlier allows remote attackers to inject arbitrary web script or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3809
|
2024-11-21 11:08 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279426
|
9.8 |
CRITICAL
Network
|
exlibrisgroup
|
aleph_500
|
Multiple SQL injection vulnerabilities in cgi-bin/review_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to execute arbitrary SQL commands via t…
|
CWE-89
SQL Injection
|
CVE-2014-3719
|
2024-11-21 11:08 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279427
|
6.1 |
MEDIUM
Network
|
exlibrisgroup
|
aleph_500
|
Multiple cross-site scripting (XSS) vulnerabilities in cgi-bin/tag_m.cgi in Ex Libris ALEPH 500 (Integrated library management system) 18.1 and 20 allow remote attackers to inject arbitrary web scrip…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3718
|
2024-11-21 11:08 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279428
|
7.0 |
HIGH
Local
|
fishshell
|
fish
|
The funced function in fish (aka fish-shell) 1.23.0 before 2.1.1 does not properly create temporary files, which allows local users to gain privileges via a temporary file with a predictable name.
|
CWE-362
Race Condition
|
CVE-2014-3856
|
2024-11-21 11:08 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279429
|
9.8 |
CRITICAL
Network
|
handsomeweb
|
sos_webpages
|
backup.php in HandsomeWeb SOS Webpages before 1.1.12 does not require knowledge of the cleartext password, which allows remote attackers to bypass authentication by leveraging knowledge of the admini…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2014-3445
|
2024-11-21 11:08 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279430
|
5.5 |
MEDIUM
Local
|
1password
|
1password
|
AgileBits 1Password through 1.0.9.340 allows security feature bypass
|
CWE-200
Information Exposure
|
CVE-2014-3753
|
2024-11-21 11:08 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
