|
279001
|
8.8 |
HIGH
Network
|
dompdf_project
|
dompdf
|
DOMPDF before 0.6.2 allows remote code execution, a related issue to CVE-2014-2383.
|
NVD-CWE-noinfo
|
CVE-2014-5013
|
2024-11-21 11:11 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279002
|
6.5 |
MEDIUM
Network
|
dompdf_project
|
dompdf
|
DOMPDF before 0.6.2 allows denial of service.
|
NVD-CWE-noinfo
|
CVE-2014-5012
|
2024-11-21 11:11 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279003
|
6.5 |
MEDIUM
Network
|
dompdf_project
|
dompdf
|
DOMPDF before 0.6.2 allows Information Disclosure.
|
CWE-200
Information Exposure
|
CVE-2014-5011
|
2024-11-21 11:11 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279004
|
8.8 |
HIGH
Network
|
kemptechnologies
|
loadmaster
|
A Bash script injection vulnerability exists in Kemp Load Master 7.1-16 and earlier due to a failure to sanitize input in the Web User Interface (WUI).
|
CWE-74
Injection
|
CVE-2014-5287
|
2024-11-21 11:11 |
2020-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279005
|
5.3 |
MEDIUM
Network
|
ntp
f5
|
ntp
big-ip_local_traffic_manager
big-ip_wan_optimization_manager
big-ip_edge_gateway
big-ip_analytics
big-ip_access_policy_manager
big-ip_global_traffic_manager
big-iq_centralize…
|
An Information Disclosure vulnerability exists in NTP 4.2.7p25 private (mode 6/7) messages via a GET_RESTRICT control message, which could let a malicious user obtain sensitive information.
|
CWE-200
Information Exposure
|
CVE-2014-5209
|
2024-11-21 11:11 |
2020-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279006
|
8.8 |
HIGH
Network
|
loadedcommerce
|
loaded7
|
The bindReplace function in the query factory in includes/classes/database.php in Loaded Commerce 7 does not properly handle : (colon) characters, which allows remote authenticated users to conduct S…
|
CWE-89
SQL Injection
|
CVE-2014-5140
|
2024-11-21 11:11 |
2020-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279007
|
9.8 |
CRITICAL
Network
|
senkas_kolibri_project
|
senkas_kolibri
|
Buffer overflow in Senkas Kolibri 2.0 allows remote attackers to execute arbitrary code via a long URI in a POST request.
|
CWE-20
Improper Input Validation
|
CVE-2014-5289
|
2024-11-21 11:11 |
2019-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279008
|
6.1 |
MEDIUM
Network
|
zend
debian
|
zend_framework
debian_linux
|
ZF2014-03 has a potential cross site scripting vector in multiple view helpers
|
CWE-79
Cross-site Scripting
|
CVE-2014-4913
|
2024-11-21 11:11 |
2019-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279009
|
7.0 |
HIGH
Local
|
xcfa_project
debian
|
xcfa
debian_linux
|
xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files. Note: A different vulnerability than CVE-2014-5254.
|
CWE-362
Race Condition
|
CVE-2014-5255
|
2024-11-21 11:11 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279010
|
4.7 |
MEDIUM
Local
|
xcfa_project
|
xcfa
|
xcfa before 5.0.1 creates temporary files insecurely which could allow local users to launch a symlink attack and overwrite arbitrary files.
|
CWE-362
Race Condition
|
CVE-2014-5254
|
2024-11-21 11:11 |
2019-11-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
