|
279101
|
9.8 |
CRITICAL
Network
|
wondercms
|
wondercms
|
Directory traversal vulnerability in index.php in Wonder CMS 2014 allows remote attackers to include and execute arbitrary local files via a crafted theme.
|
CWE-22
Path Traversal
|
CVE-2014-8704
|
2024-11-21 11:19 |
2017-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279102
|
6.1 |
MEDIUM
Network
|
wondercms
|
wondercms
|
Cross-site scripting (XSS) vulnerability in Wonder CMS 2014 allows remote attackers to inject arbitrary web script or HTML.
|
CWE-79
Cross-site Scripting
|
CVE-2014-8703
|
2024-11-21 11:19 |
2017-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279103
|
5.3 |
MEDIUM
Network
|
wondercms
|
wondercms
|
Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message.
|
CWE-200
Information Exposure
|
CVE-2014-8702
|
2024-11-21 11:19 |
2017-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279104
|
7.5 |
HIGH
Network
|
wondercms
|
wondercms
|
Wonder CMS 2014 allows remote attackers to obtain sensitive information by viewing /files/password, which reveals the unsalted MD5 hashed password.
|
CWE-200
Information Exposure
|
CVE-2014-8701
|
2024-11-21 11:19 |
2017-03-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279105
|
7.5 |
HIGH
Network
|
telegram
|
messenger
|
An issue was discovered in Telegram Messenger 2.6 for iOS and 1.8.2 for Android. Secret chat messages are available in cleartext in process memory and a .db file.
|
CWE-200
Information Exposure
|
CVE-2014-8688
|
2024-11-21 11:19 |
2017-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279106
|
8.1 |
HIGH
Network
|
avm
|
fritz\!_os
|
AVM FRITZ!OS before 6.30 extracts the contents of firmware updates before verifying their cryptographic signature, which allows remote attackers to create symlinks or overwrite critical files, and co…
|
CWE-310
Cryptographic Issues
|
CVE-2014-8886
|
2024-11-21 11:19 |
2016-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279107
|
- |
|
oracle
|
openjdk
|
A .desktop file in the Debian openjdk-7 package 7u79-2.5.5-1~deb8u1 includes a MIME type registration that is added to /etc/mailcap by mime-support, which allows remote attackers to execute arbitrary…
|
CWE-20
Improper Input Validation
|
CVE-2014-8873
|
2024-11-21 11:19 |
2015-11-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279108
|
- |
|
ibm
|
websphere_portal
|
IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF18, and 8.5.0 before CF08 improperly restricts resource access, which …
|
CWE-284
Improper Access Control
|
CVE-2014-8912
|
2024-11-21 11:19 |
2015-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279109
|
- |
|
ibm
|
openpages_grc_platform
|
Cross-site scripting (XSS) vulnerability in IBM OpenPages GRC Platform 6.2 before IF7, 6.2.1 before 6.2.1.1 IF5, 7.0 before FP4, and 7.1 before FP1 allows remote authenticated users to inject arbitra…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8916
|
2024-11-21 11:19 |
2015-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279110
|
- |
|
apple
freebsd
|
iphone_os
freebsd
mac_os_x
|
The __sflush function in fflush.c in stdio in libc in FreeBSD 10.1 and the kernel in Apple iOS before 9 mishandles failures of the write system call, which allows context-dependent attackers to execu…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-8611
|
2024-11-21 11:19 |
2015-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
