| 279111 | - | webedition | webedition_cms | Directory traversal vulnerability in showTempFile.php in webEdition CMS before 6.3.9.0 Beta allows remote authenticated users to read arbitrary files via a .. (dot dot) in the file parameter. | CWE-22 Path Traversal | CVE-2014-5258 | 2024-11-21 11:11 | 2014-11-7 |
| 279112 | - | formalms | formalms | Multiple cross-site scripting (XSS) vulnerabilities in Forma Lms before 1.2.1 p01 allow remote attackers to inject arbitrary web script or HTML via the (1) id_custom parameter in an amanmenu request … | CWE-79 Cross-site Scripting | CVE-2014-5257 | 2024-11-21 11:11 | 2014-11-7 |
| 279113 | - | nordex | nordex_control_2_scada | Cross-site scripting (XSS) vulnerability in the login script in the Wind Farm Portal on Nordex Control 2 (NC2) SCADA devices 15 and earlier allows remote attackers to inject arbitrary web script or H… | CWE-79 Cross-site Scripting | CVE-2014-5408 | 2024-11-21 11:11 | 2014-11-5 |
| 279114 | - | eset | personal_firewall_ndis_filter | The ESET Personal Firewall NDIS filter (EpFwNdis.sys) kernel mode driver, aka Personal Firewall module before Build 1212 (20140609), as used in multiple ESET products 5.0 through 7.0, allows local us… | CWE-200 Information Exposure | CVE-2014-4974 | 2024-11-21 11:11 | 2014-11-5 |
| 279115 | - | expressionengine ellislab | expressionengine | Multiple SQL injection vulnerabilities in EllisLab ExpressionEngine before 2.9.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) column_filter or (2) category[] paramet… | CWE-89 SQL Injection | CVE-2014-5387 | 2024-11-21 11:11 | 2014-11-5 |
| 279116 | - | ffmpeg | ffmpeg | libavcodec/iff.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.2.x before 2.2.7, and 2.3.x before 2.3.2 allows remote attackers to have unspecified impact via a crafted iff image, which triggers an … | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2014-5272 | 2024-11-21 11:11 | 2014-11-4 |
| 279117 | - | ffmpeg libav | ffmpeg libav | Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before 1.1.14, 1.2.x before 1.2.8, 2.x before 2.2.7, and 2.3.x before 2.3.3 and Libav before 10.5 al… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2014-5271 | 2024-11-21 11:11 | 2014-11-4 |
| 279118 | - | gnu | wget | Absolute path traversal vulnerability in GNU Wget before 1.16, when recursion is enabled, allows remote FTP servers to write to arbitrary files, and consequently execute arbitrary code, via a LIST re… | CWE-22 Path Traversal | CVE-2014-4877 | 2024-11-21 11:11 | 2014-10-29 |
| 279119 | - | xen | xen | Xen 4.4.x, when running on an ARM system and "handling an unknown system register access from 64-bit userspace," returns to an instruction of the trap handler for kernel space faults instead of an in… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2014-5148 | 2024-11-21 11:11 | 2014-10-27 |
| 279120 | - | redhat igniterealtime | jboss_fuse smack_api | The Ignite Realtime Smack XMPP API 4.x before 4.0.2, and 3.x and 2.x when a custom SSLContext is used, does not verify that the server hostname matches a domain name in the subject's Common Name (CN)… | CWE-310 Cryptographic Issues | CVE-2014-5075 | 2024-11-21 11:11 | 2014-10-26 |