|
279251
|
- |
|
magmi_project
|
magmi
|
Unrestricted file upload vulnerability in magmi/web/magmi.php in the MAGMI (aka Magento Mass Importer) plugin 0.7.17a and earlier for Magento Community Edition (CE) allows remote authenticated users …
|
CWE-94
Code Injection
|
CVE-2014-8770
|
2024-11-21 11:19 |
2014-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279252
|
- |
|
gnu
redhat
opensuse
canonical
|
gnutls
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_hpc_node
opensuse
ubuntu_linux
|
The _gnutls_ecc_ansi_x963_export function in gnutls_ecc.c in GnuTLS 3.x before 3.1.28, 3.2.x before 3.2.20, and 3.3.x before 3.3.10 allows remote attackers to cause a denial of service (out-of-bounds…
|
CWE-310
Cryptographic Issues
|
CVE-2014-8564
|
2024-11-21 11:19 |
2014-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279253
|
- |
|
jexperts
|
channel_platform
|
Multiple cross-site scripting (XSS) vulnerabilities in JExperts Channel Platform 5.0.33_CCB allow remote attackers to inject arbitrary web script or HTML via the (1) usuario.nome variable in an edita…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8557
|
2024-11-21 11:19 |
2014-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279254
|
- |
|
mantisbt
|
mantisbt
|
SQL injection vulnerability in the mc_project_get_attachments function in api/soap/mc_project_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary SQL commands via the proje…
|
CWE-89
SQL Injection
|
CVE-2014-8554
|
2024-11-21 11:19 |
2014-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279255
|
- |
|
freebsd
|
freebsd
|
The setlogin function in FreeBSD 8.4 through 10.1-RC4 does not initialize the buffer used to store the login name, which allows local users to obtain sensitive information from kernel memory via a ca…
|
CWE-200
Information Exposure
|
CVE-2014-8476
|
2024-11-21 11:19 |
2014-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279256
|
- |
|
open_atrium_project
|
open_atrium
|
The Open Atrium Core module for Drupal before 7.x-2.22 allows remote attackers to bypass access restrictions and read file attachments that have been removed from a node by leveraging a previous revi…
|
CWE-200
Information Exposure
|
CVE-2014-8736
|
2024-11-21 11:19 |
2014-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279257
|
- |
|
bad_behavior_project
|
bad_behavior
|
The Bad Behavior module 6.x-2.x before 6.x-2.2216 and 7.x-2.x before 7.x-2.2216 for Drupal logs usernames and passwords, which allows remote authenticated users with the "administer bad behavior" per…
|
CWE-200
Information Exposure
|
CVE-2014-8735
|
2024-11-21 11:19 |
2014-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279258
|
- |
|
drupal
|
organic_groups_menu
|
The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified ve…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8734
|
2024-11-21 11:19 |
2014-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279259
|
- |
|
progress
|
openedge
|
Directory traversal vulnerability in report/reportViewAction.jsp in Progress Software OpenEdge 11.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the selection parameter.
|
CWE-22
Path Traversal
|
CVE-2014-8555
|
2024-11-21 11:19 |
2014-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279260
|
- |
|
adobe
|
flash_player
air_sdk
air
air_sdk_\&_compiler
|
Adobe Flash Player before 13.0.0.252 and 14.x and 15.x before 15.0.0.223 on Windows and OS X and before 11.2.202.418 on Linux, Adobe AIR before 15.0.0.356, Adobe AIR SDK before 15.0.0.356, and Adobe …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8442
|
2024-11-21 11:19 |
2014-11-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
