|
279341
|
9.8 |
CRITICAL
Network
|
frog_cms_project
|
frog_cms
|
An Arbitrary File Upload issue was discovered in Frog CMS 0.9.5 due to lack of extension validation.
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2014-4912
|
2024-11-21 11:11 |
2018-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279342
|
8.8 |
HIGH
Network
|
invisioncommunity
|
invision_power_board
|
SQL injection vulnerability in Invision Power Board (aka IPB or IP.Board) before 3.4.6 allows remote attackers to execute arbitrary SQL commands via the cId parameter.
|
CWE-89
SQL Injection
|
CVE-2014-4928
|
2024-11-21 11:11 |
2018-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279343
|
9.8 |
CRITICAL
Network
|
thycotic
|
secret_server
|
The Remote Desktop Launcher in Thycotic Secret Server before 8.6.000010 does not properly cleanup a temporary file that contains an encrypted password once a session has ended.
|
CWE-255
Credentials Management
|
CVE-2014-4861
|
2024-11-21 11:11 |
2018-03-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279344
|
9.8 |
CRITICAL
Network
|
gnu
|
libgfortran
|
Multiple integer overflows in libgfortran might allow remote attackers to execute arbitrary code or cause a denial of service (Fortran application crash) via vectors related to array allocation.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2014-5044
|
2024-11-21 11:11 |
2018-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279345
|
8.1 |
HIGH
Network
|
docker
|
docker
|
Docker before 1.3 does not properly validate image IDs, which allows remote attackers to redirect to another image through the loading of untrusted images via 'docker load'.
|
CWE-20
Improper Input Validation
|
CVE-2014-5282
|
2024-11-21 11:11 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279346
|
8.8 |
HIGH
Network
|
boot2docker
|
boot2docker
|
boot2docker 1.2 and earlier allows attackers to conduct cross-site request forgery (CSRF) attacks by leveraging Docker daemons enabling TCP connections without TLS authentication.
|
CWE-352
Origin Validation Error
|
CVE-2014-5280
|
2024-11-21 11:11 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279347
|
8.8 |
HIGH
Network
|
boot2docker
|
boot2docker
|
The Docker daemon managed by boot2docker 1.2 and earlier improperly enables unauthenticated TCP connections by default, which makes it easier for remote attackers to gain privileges or execute arbitr…
|
CWE-284
Improper Access Control
|
CVE-2014-5279
|
2024-11-21 11:11 |
2018-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279348
|
5.4 |
MEDIUM
Network
|
oxid-esales
|
eshop
|
OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4919
|
2024-11-21 11:11 |
2018-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279349
|
8.8 |
HIGH
Network
|
microsemi
|
s350i_firmware
|
Symmetricom s350i 2.70.15 allows remote authenticated users to gain privileges via vectors related to pushing unauthenticated users to the login page.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5070
|
2024-11-21 11:11 |
2018-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279350
|
7.5 |
HIGH
Network
|
microsemi
|
s350i_firmware
|
Directory traversal vulnerability in the web application in Symmetricom s350i 2.70.15 allows remote attackers to read arbitrary files via a (1) ../ (dot dot slash) or (2) ..\ (dot dot forward slash) …
|
CWE-22
Path Traversal
|
CVE-2014-5068
|
2024-11-21 11:11 |
2018-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
