|
283411
|
- |
|
redhat
|
jboss_enterprise_application_platform
|
org.jboss.as.jaxrs.deployment.JaxrsIntegrationProcessor in Red Hat JBoss Enterprise Application Platform (JEAP) before 6.2.4 enables entity expansion, which allows remote attackers to read arbitrary …
|
CWE-200
Information Exposure
|
CVE-2014-3481
|
2024-11-21 11:08 |
2014-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283412
|
- |
|
rubyonrails
|
rails
|
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql/quoting.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 4.x before 4.0.7 and 4.1.x before …
|
CWE-89
SQL Injection
|
CVE-2014-3483
|
2024-11-21 11:08 |
2014-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283413
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
SQL injection vulnerability in activerecord/lib/active_record/connection_adapters/postgresql_adapter.rb in the PostgreSQL adapter for Active Record in Ruby on Rails 2.x and 3.x before 3.2.19 allows r…
|
CWE-89
SQL Injection
|
CVE-2014-3482
|
2024-11-21 11:08 |
2014-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283414
|
- |
|
openstack
|
swift
|
Cross-site scripting (XSS) vulnerability in OpenStack Swift 1.11.0 through 1.13.1 allows remote attackers to inject arbitrary web script or HTML via the WWW-Authenticate header.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3497
|
2024-11-21 11:08 |
2014-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283415
|
- |
|
christos_zoulas
php
debian
|
file
php
debian_linux
|
file before 5.19 does not properly restrict the amount of data read during a regex search, which allows remote attackers to cause a denial of service (CPU consumption) via a crafted file that trigger…
|
CWE-399
Resource Management Errors
|
CVE-2014-3538
|
2024-11-21 11:08 |
2014-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283416
|
- |
|
storesprite
|
storesprite
|
Cross-site scripting (XSS) vulnerability in templates/defaultheader.php in Lamp Design Storesprite before 7 - 19-06-14, when using the currency selection dropdown, allows remote attackers to inject a…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3737
|
2024-11-21 11:08 |
2014-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283417
|
- |
|
freedesktop
d-bus_project
|
dbus
d-bus
|
The dbus-daemon in D-Bus 1.2.x through 1.4.x, 1.6.x before 1.6.20, and 1.8.x before 1.8.4, sends an AccessDenied error to the service instead of a client when the client is prohibited from accessing …
|
NVD-CWE-noinfo
|
CVE-2014-3477
|
2024-11-21 11:08 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283418
|
- |
|
opensuse
kde
|
opensuse
kdelibs
|
kio/usernotificationhandler.cpp in the POP3 kioslave in kdelibs 4.10.95 before 4.13.3 does not properly generate warning notifications, which allows man-in-the-middle attackers to obtain sensitive in…
|
CWE-200
Information Exposure
|
CVE-2014-3494
|
2024-11-21 11:08 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283419
|
- |
|
theforeman
|
foreman
|
Multiple cross-site scripting (XSS) vulnerabilities in the host YAML view in Foreman before 1.4.5 and 1.5.x before 1.5.1 allow remote attackers to inject arbitrary web script or HTML via a parameter …
|
CWE-79
Cross-site Scripting
|
CVE-2014-3492
|
2024-11-21 11:08 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283420
|
- |
|
theforeman
|
foreman
|
Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page, …
|
CWE-79
Cross-site Scripting
|
CVE-2014-3491
|
2024-11-21 11:08 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
