|
278311
|
- |
|
manageengine
|
netflow_analyzer
|
Directory traversal vulnerability in the CollectorConfInfoServlet servlet in ManageEngine NetFlow Analyzer allows remote attackers to execute arbitrary code via a .. (dot dot) in the filename.
|
CWE-22
Path Traversal
|
CVE-2014-9373
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278312
|
- |
|
manageengine
|
password_manager_pro
|
Directory traversal vulnerability in the UploadAccountActivities servlet in ManageEngine Password Manager Pro (PMP) before 7103 allows remote attackers to delete arbitrary files via a .. (dot dot) in…
|
CWE-22
Path Traversal
|
CVE-2014-9372
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278313
|
- |
|
zohocorp
|
manageengine_desktop_central
|
The NativeAppServlet in ManageEngine Desktop Central MSP before 90075 allows remote attackers to execute arbitrary code via a crafted JSON object.
|
CWE-20
Improper Input Validation
|
CVE-2014-9371
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278314
|
- |
|
docker
|
docker
|
Docker before 1.3.3 does not properly validate image IDs, which allows remote attackers to conduct path traversal attacks and spoof repositories via a crafted image in a (1) "docker load" operation o…
|
CWE-20
Improper Input Validation
|
CVE-2014-9358
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278315
|
- |
|
docker
|
docker
|
Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive ex…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9357
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278316
|
- |
|
firebirdsql
opensuse
debian
canonical
|
firebird
evergreen
debian_linux
ubuntu_linux
|
The xdr_status_vector function in Firebird before 2.1.7 and 2.5.x before 2.5.3 SU1 allows remote attackers to cause a denial of service (NULL pointer dereference, segmentation fault, and crash) via a…
|
CWE-476
NULL Pointer Dereference
|
CVE-2014-9323
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278317
|
- |
|
debian
sixapart
|
debian_linux
movable_type
|
SQL injection vulnerability in the XML-RPC interface in Movable Type before 5.18, 5.2.x before 5.2.11, and 6.x before 6.0.6 allows remote attackers to execute arbitrary SQL commands via unspecified v…
|
CWE-89
SQL Injection
|
CVE-2014-9057
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278318
|
- |
|
pcre
mariadb
fedoraproject
opensuse
oracle
redhat
|
pcre
mariadb
fedora
opensuse
solaris
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_server_tus
enterprise_linux_server_aus
Heap-based buffer overflow in PCRE 8.36 and earlier allows remote attackers to cause a denial of service (crash) or have other unspecified impact via a crafted regular expression, related to an asser…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-8964
|
2024-11-21 11:20 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
278319
|
- |
|
zenoss
|
zenoss_core
|
Zenoss Core before 4.2.5 SP161 sets an infinite lifetime for the session ID cookie, which makes it easier for remote attackers to hijack sessions by leveraging an unattended workstation, aka ZEN-1269…
|
NVD-CWE-Other
|
CVE-2014-9386
|
2024-11-21 11:20 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278320
|
- |
|
zenoss
|
zenoss_core
|
Cross-site request forgery (CSRF) vulnerability in Zenoss Core through 5 Beta 3 allows remote attackers to hijack the authentication of arbitrary users for requests that trigger arbitrary code execut…
|
CWE-352
Origin Validation Error
|
CVE-2014-9385
|
2024-11-21 11:20 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
