|
279311
|
- |
|
sap
|
netweaver_java_application_server
|
XML external entity (XXE) vulnerability in the Web Service Navigator in SAP NetWeaver Application Server (AS) Java allows remote attackers to access arbitrary files via a crafted request.
|
NVD-CWE-Other
|
CVE-2014-8590
|
2024-11-21 11:19 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279312
|
- |
|
sap
|
network_interface_router
|
Integer overflow in SAP Network Interface Router (SAProuter) 40.4 allows remote attackers to cause a denial of service (resource consumption) via crafted requests.
|
CWE-189
Numeric Errors
|
CVE-2014-8589
|
2024-11-21 11:19 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279313
|
- |
|
sap
|
hana
|
SQL injection vulnerability in metadata.xsjs in SAP HANA 1.00.60.379371 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2014-8588
|
2024-11-21 11:19 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279314
|
- |
|
sap
|
commoncryptolib
sapcryptolib
sapseculib
hana
netweaver
|
SAPCRYPTOLIB before 5.555.38, SAPSECULIB, and CommonCryptoLib before 8.4.30, as used in SAP NetWeaver AS for ABAP and SAP HANA, allows remote attackers to spoof Digital Signature Algorithm (DSA) sign…
|
CWE-310
Cryptographic Issues
|
CVE-2014-8587
|
2024-11-21 11:19 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279315
|
- |
|
cp_multi_view_event_calendar_project
|
cp_multi_view_event_calendar
|
SQL injection vulnerability in the CP Multi View Event Calendar plugin 1.01 for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter.
|
CWE-89
SQL Injection
|
CVE-2014-8586
|
2024-11-21 11:19 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279316
|
- |
|
wpdownloadmanager
|
wordpress_download_manager
|
Directory traversal vulnerability in the WordPress Download Manager plugin for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the fname parameter to (1) views/file_do…
|
CWE-59
Link Following
|
CVE-2014-8585
|
2024-11-21 11:19 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279317
|
- |
|
web-dorado
|
web-dorado_spider_video_player
|
Cross-site scripting (XSS) vulnerability in the Web Dorado Spider Video Player (aka WordPress Video Player) plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8584
|
2024-11-21 11:19 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279318
|
- |
|
estsoft
|
alupdate
|
ESTsoft ALUpdate 8.5.1.0.0 uses weak permissions (Users: Full Control) for the (1) AlUpdate folder and (2) AlUpdate.exe, which allows local users to gain privileges via a Trojan horse file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8494
|
2024-11-21 11:19 |
2014-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279319
|
- |
|
fortinet
|
coyote_point_equalizer_firmware
coyote_point_equalizer
fortiadc_firmware
fortiadc-1000e
fortiadc-300e
fortiadc-400e
fortiadc-600e
|
FortiNet FortiADC-E with firmware 3.1.1 before 4.0.5 and Coyote Point Equalizer with firmware 10.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2014-8582
|
2024-11-21 11:19 |
2014-11-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279320
|
- |
|
openstack
|
horizon
|
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject ar…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8578
|
2024-11-21 11:19 |
2014-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
