|
277521
|
- |
|
cfdbplugin
|
contact_form_db
|
Multiple cross-site scripting (XSS) vulnerabilities in the Contact Form DB (aka CFDB and contact-form-7-to-database-extension) plugin before 2.8.16 for WordPress allow remote attackers to inject arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7139
|
2024-11-21 11:16 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277522
|
- |
|
rejetto
|
http_file_server
|
The file comment feature in Rejetto HTTP File Server (hfs) 2.3c and earlier allows remote attackers to execute arbitrary code by uploading a file with certain invalid UTF-8 byte sequences that are in…
|
CWE-94
Code Injection
|
CVE-2014-7226
|
2024-11-21 11:16 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277523
|
- |
|
oceanavenue
|
ocean_avenue_mobile_pro
|
The Ocean Avenue Mobile Pro (aka com.oceanavenue.mobile) application 2.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and…
|
CWE-310
Cryptographic Issues
|
CVE-2014-7047
|
2024-11-21 11:16 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277524
|
- |
|
george_wassouf_project
|
george_wassouf
|
The George Wassouf (aka com.devkhr32.georgewassouf) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obta…
|
CWE-310
Cryptographic Issues
|
CVE-2014-7046
|
2024-11-21 11:16 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277525
|
- |
|
eng
|
spagobi
|
The default configuration in the accessibility engine in SpagoBI 5.0.0 does not set FEATURE_SECURE_PROCESSING, which allows remote authenticated users to execute arbitrary Java code via a crafted XSL…
|
CWE-94
Code Injection
|
CVE-2014-7296
|
2024-11-21 11:16 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277526
|
- |
|
openstack
redhat
|
nova
cinder
trove
openstack
|
The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, w…
|
CWE-200
Information Exposure
|
CVE-2014-7231
|
2024-11-21 11:16 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277527
|
- |
|
openstack
redhat
canonical
|
nova
cinder
trove
openstack
ubuntu_linux
|
The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a Pro…
|
CWE-200
Information Exposure
|
CVE-2014-7230
|
2024-11-21 11:16 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277528
|
- |
|
joomla
|
joomla\!
|
Unspecified vulnerability in Joomla! before 2.5.4 before 2.5.26, 3.x before 3.2.6, and 3.3.x before 3.3.5 allows attackers to cause a denial of service via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2014-7229
|
2024-11-21 11:16 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277529
|
- |
|
zeromq
|
zeromq
|
libzmq (aka ZeroMQ/C++) 4.0.x before 4.0.5 does not ensure that nonces are unique, which allows man-in-the-middle attackers to conduct replay attacks via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2014-7203
|
2024-11-21 11:16 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277530
|
- |
|
zeromq
|
zeromq
|
stream_engine.cpp in libzmq (aka ZeroMQ/C++)) 4.0.5 before 4.0.5 allows man-in-the-middle attackers to conduct downgrade attacks via a crafted connection request.
|
NVD-CWE-noinfo
|
CVE-2014-7202
|
2024-11-21 11:16 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
