|
278561
|
7.5 |
HIGH
Network
|
wondercms
|
wondercms
|
Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password.
|
CWE-200
Information Exposure
|
CVE-2014-8701
|
2024-11-21 11:19 |
2017-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278562
|
7.5 |
HIGH
Network
|
telegram
|
messenger
|
An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. Secret chat messages are available in cleartext in process memory and a .db file.
|
CWE-200
Information Exposure
|
CVE-2014-8688
|
2024-11-21 11:19 |
2017-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278563
|
8.1 |
HIGH
Network
|
avm
|
fritz\!_os
|
AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and co…
|
CWE-310
Cryptographic Issues
|
CVE-2014-8886
|
2024-11-21 11:19 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278564
|
- |
|
oracle
|
openjdk
|
A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary…
|
CWE-20
Improper Input Validation
|
CVE-2014-8873
|
2024-11-21 11:19 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278565
|
- |
|
ibm
|
websphere_portal
|
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which …
|
CWE-284
Improper Access Control
|
CVE-2014-8912
|
2024-11-21 11:19 |
2015-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278566
|
- |
|
ibm
|
openpages_grc_platform
|
Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitra…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8916
|
2024-11-21 11:19 |
2015-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278567
|
- |
|
apple
freebsd
|
iphone_os
freebsd
mac_os_x
|
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execu…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-8611
|
2024-11-21 11:19 |
2015-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278568
|
- |
|
checkmarx
|
cxsast
|
Checkmarx CxSAST (formerly CxSuite) before 7.1.8 allows remote authenticated users to bypass the CxQL sandbox protection mechanism and execute arbitrary C# code by asserting the (1) System.Security.P…
|
CWE-94
Code Injection
|
CVE-2014-8778
|
2024-11-21 11:19 |
2015-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278569
|
- |
|
polarssl
|
polarssl
|
Memory leak in PolarSSL before 1.2.12 and 1.3.x before 1.3.9 allows remote attackers to cause a denial of service (memory consumption) via a large number of crafted X.509 certificates. NOTE: this id…
|
CWE-399
Resource Management Errors
|
CVE-2014-8628
|
2024-11-21 11:19 |
2015-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278570
|
- |
|
ibm
|
db2
|
IBM DB2 9.7 through FP10, 9.8 through FP5, 10.1 before FP5, and 10.5 through FP5 on Linux, UNIX, and Windows allows remote authenticated users to read arbitrary text files via a crafted XML/XSLT func…
|
CWE-74
Injection
|
CVE-2014-8910
|
2024-11-21 11:19 |
2015-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
