|
283901
|
- |
|
pocoo
|
jinja2
|
The default configuration for bccache.FileSystemBytecodeCache in Jinja2 before 2.7.2 does not properly create temporary files, which allows local users to gain privileges via a crafted .cache file wi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1402
|
2024-11-21 11:04 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283902
|
- |
|
apple
|
itunes
|
Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary u…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1347
|
2024-11-21 11:04 |
2014-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283903
|
- |
|
dotclear
|
dotclear
|
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/publ…
|
CWE-94
Code Injection
|
CVE-2014-1613
|
2024-11-21 11:04 |
2014-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283904
|
- |
|
djangoproject
canonical
|
django
ubuntu_linux
|
Django 1.4 before 1.4.13, 1.5 before 1.5.8, 1.6 before 1.6.5, and 1.7 before 1.7b4 does not properly include the (1) Vary: Cookie or (2) Cache-Control header in responses, which allows remote attacke…
|
NVD-CWE-noinfo
|
CVE-2014-1418
|
2024-11-21 11:04 |
2014-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283905
|
- |
|
symantec
|
workspace_streaming
|
The server in Symantec Workspace Streaming (SWS) before 7.5.0.749 allows remote attackers to access files and functionality by sending a crafted XMLRPC request over HTTPS.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1649
|
2024-11-21 11:04 |
2014-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283906
|
- |
|
get-simple
|
getsimple_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in GetSimple CMS 3.3.1 allow remote attackers to inject arbitrary web script or HTML via the (1) param parameter to admin/load.php or (2) user, (3)…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1603
|
2024-11-21 11:04 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283907
|
- |
|
microsoft
|
office
|
Untrusted search path vulnerability in Microsoft Office 2007 SP3, 2010 SP1 and SP2, and 2013 Gold, SP1, RT, and RT SP1, when the Simplified Chinese Proofing Tool is enabled, allows local users to gai…
|
NVD-CWE-Other
|
CVE-2014-1756
|
2024-11-21 11:04 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283908
|
- |
|
microsoft
|
sharepoint_foundation
sharepoint_server
office_web_apps_server
sharepoint_server_client_components_sdk
|
Cross-site scripting (XSS) vulnerability in Microsoft SharePoint Server 2013 Gold and SP1, SharePoint Foundation 2013 Gold and SP1, Office Web Apps Server 2013 Gold and SP1, and SharePoint Server 201…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1754
|
2024-11-21 11:04 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283909
|
- |
|
google
|
chrome
|
Use-after-free vulnerability in the FrameSelection::updateAppearance function in core/editing/FrameSelection.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allows remote attackers to ca…
|
CWE-399
Resource Management Errors
|
CVE-2014-1742
|
2024-11-21 11:04 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283910
|
- |
|
google
|
chrome
|
Multiple integer overflows in the replace-data functionality in the CharacterData interface implementation in core/dom/CharacterData.cpp in Blink, as used in Google Chrome before 34.0.1847.137, allow…
|
CWE-189
Numeric Errors
|
CVE-2014-1741
|
2024-11-21 11:04 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
