|
280171
|
- |
|
isc
|
bind
|
libdns in ISC BIND 9.10.0 before P2 does not properly handle EDNS options, which allows remote attackers to cause a denial of service (REQUIRE assertion failure and daemon exit) via a crafted packet,…
|
CWE-20
Improper Input Validation
|
CVE-2014-3859
|
2024-11-21 11:09 |
2014-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280172
|
- |
|
ckeditor
|
fckeditor
|
Cross-site scripting (XSS) vulnerability in editor/dialog/fck_spellerpages/spellerpages/server-scripts/spellchecker.php in FCKeditor before 2.6.11 and earlier allows remote attackers to inject arbitr…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4037
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280173
|
- |
|
impresscms
|
impresscms
|
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action.
|
CWE-79
Cross-site Scripting
|
CVE-2014-4036
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280174
|
- |
|
bestsoftinc
|
advance_hotel_booking_system
|
Cross-site scripting (XSS) vulnerability in booking_details.php in Best Soft Inc. (BSI) Advance Hotel Booking System 2.0 allows remote attackers to inject arbitrary web script or HTML via the title p…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4035
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280175
|
- |
|
aas9
|
zerocms
|
SQL injection vulnerability in zero_view_article.php in ZeroCMS 1.0 allows remote attackers to execute arbitrary SQL commands via the article_id parameter.
|
CWE-89
SQL Injection
|
CVE-2014-4034
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280176
|
- |
|
efrontlearning
|
efront
|
Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4033
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280177
|
- |
|
fiyo
|
fiyo_cms
|
Cross-site scripting (XSS) vulnerability in apps/app_comment/form_comment.php in Fiyo CMS 1.5.7 allows remote attackers to inject arbitrary web script or HTML via the Nama field.
|
CWE-79
Cross-site Scripting
|
CVE-2014-4032
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280178
|
- |
|
daiki_ueno
|
libfep
|
libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which allows local users to gain privileges via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3980
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280179
|
- |
|
pulseaudio
|
pulseaudio
|
The pa_rtp_recv function in modules/rtp/rtp.c in the module-rtp-recv module in PulseAudio 5.0 and earlier allows remote attackers to cause a denial of service (assertion failure and abort) via an emp…
|
NVD-CWE-noinfo
|
CVE-2014-3970
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280180
|
- |
|
rocketsoftware
|
rocket_servergraph
|
The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (…
|
CWE-94
Code Injection
|
CVE-2014-3915
|
2024-11-21 11:09 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
