|
284071
|
- |
|
mpay24_project
|
mpay24
|
The mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to obtain credentials, the installation path, and other sensitive information via a direct request to api/curllog.log.
|
CWE-200
Information Exposure
|
CVE-2014-2009
|
2024-11-21 11:05 |
2014-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284072
|
- |
|
mpay24_project
|
mpay24
|
SQL injection vulnerability in confirm.php in the mPAY24 payment module before 1.6 for PrestaShop allows remote attackers to execute arbitrary SQL commands via the TID parameter.
|
CWE-89
SQL Injection
|
CVE-2014-2008
|
2024-11-21 11:05 |
2014-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284073
|
- |
|
plogger
|
plogger
|
Unrestricted file upload vulnerability in plog-admin/plog-upload.php in Plogger 1.0 RC1 and earlier allows remote authenticated users to execute arbitrary code by uploading a ZIP file that contains a…
|
CWE-94
Code Injection
|
CVE-2014-2223
|
2024-11-21 11:05 |
2014-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284074
|
- |
|
fortinet
|
fortios
|
The FortiManager protocol service in Fortinet FortiOS before 4.3.16 and 5.0.0 before 5.0.8 on FortiGate devices allows remote attackers to cause a denial of service and possibly execute arbitrary cod…
|
NVD-CWE-noinfo
|
CVE-2014-2216
|
2024-11-21 11:05 |
2014-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284075
|
- |
|
piwigo
|
piwigo
|
Cross-site scripting (XSS) vulnerability in include/functions_metadata.inc.php in Piwigo before 2.4.6 allows remote attackers to inject arbitrary web script or HTML via the Make field in IPTC Exif me…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1980
|
2024-11-21 11:05 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284076
|
- |
|
microsoft
|
sql_server
|
Cross-site scripting (XSS) vulnerability in Master Data Services (MDS) in Microsoft SQL Server 2012 SP1 and 2014 on 64-bit platforms allows remote attackers to inject arbitrary web script or HTML via…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1820
|
2024-11-21 11:05 |
2014-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284077
|
- |
|
microsoft
|
windows_server_2008
windows_server_2012
windows_rt
windows_8.1
windows_7
windows_rt_8.1
windows_vista
windows_8
windows_server_2003
|
win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1819
|
2024-11-21 11:05 |
2014-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284078
|
- |
|
microsoft
|
windows_server_2008
windows_server_2012
windows_rt
windows_8.1
windows_7
windows_rt_8.1
windows_vista
windows_8
windows_server_2003
|
The Windows Installer in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1814
|
2024-11-21 11:05 |
2014-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284079
|
- |
|
ui
|
unifi_controller
|
Ubiquiti UniFi Controller before 3.2.1 logs the administrative password hash in syslog messages, which allows man-in-the-middle attackers to obtain sensitive information via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-2226
|
2024-11-21 11:05 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284080
|
- |
|
ui
|
unifi_video
|
The default Flash cross-domain policy (crossdomain.xml) in Ubiquiti Networks UniFi Video (formerly AirVision aka AirVision Controller) before 3.0.1 does not restrict access to the application, which …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2227
|
2024-11-21 11:05 |
2014-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
