|
280651
|
- |
|
mageia_project
gnu
|
mageia
emacs
|
lisp/net/browse-url.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a /tmp/Mosaic.##### temporary file.
|
CWE-59
Link Following
|
CVE-2014-3423
|
2024-11-21 11:08 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280652
|
- |
|
gnu
mageia_project
|
emacs
mageia
|
lisp/emacs-lisp/find-gc.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on a temporary file under /tmp/esrc/.
|
CWE-59
Link Following
|
CVE-2014-3422
|
2024-11-21 11:08 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280653
|
- |
|
mageia_project
gnu
|
mageia
emacs
|
lisp/gnus/gnus-fun.el in GNU Emacs 24.3 and earlier allows local users to overwrite arbitrary files via a symlink attack on the /tmp/gnus.face.ppm temporary file.
|
CWE-59
Link Following
|
CVE-2014-3421
|
2024-11-21 11:08 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280654
|
7.5 |
HIGH
Network
|
askpop3d_project
|
askpop3d
|
A Denial of Service vulnerability exists in askpop3d 0.7.7 in free (pszQuery),
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3208
|
2024-11-21 11:07 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280655
|
6.1 |
MEDIUM
Network
|
keplerproject
|
cgilua
|
The session.lua library in CGILua 5.2 alpha 1 and 5.2 alpha 2 uses weak session IDs generated based on OS time, which allows remote attackers to hijack arbitrary sessions via a brute force attack. NO…
|
CWE-307
mproper Restriction of Excessive Authentication Attempts
|
CVE-2014-2875
|
2024-11-21 11:07 |
2020-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280656
|
8.8 |
HIGH
Network
|
web2project
|
web2project
|
Multiple SQL injection vulnerabilities in web2Project 3.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) search_string parameter in the contacts module to …
|
CWE-89
SQL Injection
|
CVE-2014-3119
|
2024-11-21 11:07 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280657
|
6.1 |
MEDIUM
Network
|
infoware
|
mapsuite
|
Cross-site scripting (XSS) vulnerability in infoware MapSuite MapAPI 1.0.x before 1.0.36 and 1.1.x before 1.1.49 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-2843
|
2024-11-21 11:07 |
2020-02-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280658
|
5.9 |
MEDIUM
Network
|
lwp\
|
\
|
The libwww-perl LWP::Protocol::https module 6.04 through 6.06 for Perl, when using IO::Socket::SSL as the SSL socket class, allows attackers to disable server certificate validation via the (1) HTTPS…
|
CWE-295
Improper Certificate Validation
|
CVE-2014-3230
|
2024-11-21 11:07 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280659
|
9.8 |
CRITICAL
Network
|
fishshell
|
fish
|
fish (aka fish-shell) 2.0.0 before 2.1.1 does not restrict access to the configuration service (aka fish_config), which allows remote attackers to execute arbitrary code via unspecified vectors, as d…
|
CWE-20
Improper Input Validation
|
CVE-2014-2914
|
2024-11-21 11:07 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280660
|
7.0 |
HIGH
Local
|
fishshell
|
fish
|
The psub function in fish (aka fish-shell) 1.16.0 before 2.1.1 does not properly create temporary files, which allows local users to execute arbitrary commands via a temporary file with a predictable…
|
CWE-362
Race Condition
|
CVE-2014-2906
|
2024-11-21 11:07 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
