|
281491
|
- |
|
marcel_brinkkemper
|
lazyest-gallery
|
Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2333
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281492
|
- |
|
tigase
|
tigase
|
net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2746
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281493
|
- |
|
prosody
|
prosody
|
Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream,…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2745
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281494
|
- |
|
lightwitch
prosody
|
metronome
prosody
|
plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cau…
|
CWE-20
Improper Input Validation
|
CVE-2014-2744
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281495
|
- |
|
lightwitch
|
metronome
|
plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resou…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2743
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281496
|
- |
|
isode
|
m-link
|
Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP s…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2742
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281497
|
- |
|
igniterealtime
|
openfire
|
nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2741
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281498
|
- |
|
sap
|
business_object_processing_framework_for_abap
|
SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-2752
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281499
|
- |
|
sap
|
print_and_output_management
|
SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-2751
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281500
|
- |
|
sap
|
hana
|
The HANA ICM process in SAP HANA allows remote attackers to obtain the platform version, host name, instance number, and possibly other sensitive information via a malformed HTTP GET request.
|
CWE-200
Information Exposure
|
CVE-2014-2749
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
