|
281621
|
- |
|
cisco
|
prime_infrastructure
|
Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868.
|
CWE-352
Origin Validation Error
|
CVE-2014-2152
|
2024-11-21 11:05 |
2015-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281622
|
- |
|
cisco
|
prime_infrastructure
|
The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and unspe…
|
CWE-20
Improper Input Validation
|
CVE-2014-2147
|
2024-11-21 11:05 |
2015-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281623
|
- |
|
linuxmint
gnome
canonical
|
linux_mint
gtk
ubuntu
|
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button.
|
CWE-284
Improper Access Control
|
CVE-2014-1949
|
2024-11-21 11:05 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281624
|
- |
|
plogger
|
plogger
|
Plogger 1.0 RC1 and earlier, when the Lucid theme is used, does not assign new values for certain codes, which makes it easier for remote attackers to bypass the CAPTCHA protection mechanism via a se…
|
CWE-254
7PK - Security Features
|
CVE-2014-2224
|
2024-11-21 11:05 |
2014-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281625
|
- |
|
videowhisper
|
videowhisper_live_streaming_integration
|
The error-handling feature in (1) bp.php, (2) videowhisper_streaming.php, and (3) ls/rtmp.inc.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attac…
|
CWE-200
Information Exposure
|
CVE-2014-1908
|
2024-11-21 11:05 |
2014-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281626
|
- |
|
videowhisper
|
videowhisper_live_streaming_integration
|
Unrestricted file upload vulnerability in ls/vw_snapshots.php in the VideoWhisper Live Streaming Integration plugin before 4.29.5 for WordPress allows remote attackers to execute arbitrary PHP code b…
|
CWE-77
Command Injection
|
CVE-2014-1905
|
2024-11-21 11:05 |
2014-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281627
|
- |
|
facebook
|
hiphop_virtual_machine
|
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypa…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2209
|
2024-11-21 11:05 |
2014-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281628
|
- |
|
facebook
|
hiphop_virtual_machine
|
CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbit…
|
CWE-94
Code Injection
|
CVE-2014-2208
|
2024-11-21 11:05 |
2014-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281629
|
- |
|
telerik
|
ui_for_asp.net_ajax
|
Absolute path traversal vulnerability in the RadAsyncUpload control in the RadControls in Telerik UI for ASP.NET AJAX before Q3 2012 SP2 allows remote attackers to write to arbitrary files, and conse…
|
CWE-22
Path Traversal
|
CVE-2014-2217
|
2024-11-21 11:05 |
2014-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281630
|
- |
|
unitedplanet
|
intrexx
|
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2026
|
2024-11-21 11:05 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
