|
282591
|
- |
|
wordpress
drupal
debian
|
wordpress
drupal
debian_linux
|
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, does not limit the number of elements in an XML document, which allows remote atta…
|
CWE-399
Resource Management Errors
|
CVE-2014-5266
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282592
|
- |
|
wordpress
drupal
debian
|
wordpress
drupal
debian_linux
|
The Incutio XML-RPC (IXR) Library, as used in WordPress before 3.9.2 and Drupal 6.x before 6.33 and 7.x before 7.31, permits entity declarations without considering recursion during entity expansion,…
|
CWE-399
Resource Management Errors
|
CVE-2014-5265
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282593
|
- |
|
wordpress
debian
|
wordpress
debian_linux
|
Cross-site scripting (XSS) vulnerability in wp-includes/pluggable.php in WordPress before 3.9.2, when Multisite is enabled, allows remote authenticated administrators to inject arbitrary web script o…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5240
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282594
|
- |
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
fs/namespace.c in the Linux kernel through 3.16.1 does not properly restrict clearing MNT_NODEV, MNT_NOSUID, and MNT_NOEXEC and changing MNT_ATIME_MASK during a remount of a bind mount, which allows …
|
CWE-269
Improper Privilege Management
|
CVE-2014-5207
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282595
|
- |
|
linux
canonical
|
linux_kernel
ubuntu_linux
|
The do_remount function in fs/namespace.c in the Linux kernel through 3.16.1 does not maintain the MNT_LOCK_READONLY bit across a remount of a bind mount, which allows local users to bypass an intend…
|
CWE-269
Improper Privilege Management
|
CVE-2014-5206
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282596
|
- |
|
wordpress
|
wordpress
|
wp-includes/pluggable.php in WordPress before 3.9.2 does not use delimiters during concatenation of action values and uid values in CSRF tokens, which makes it easier for remote attackers to bypass a…
|
CWE-352
Origin Validation Error
|
CVE-2014-5205
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282597
|
- |
|
debian
wordpress
|
debian_linux
wordpress
|
wp-includes/pluggable.php in WordPress before 3.9.2 rejects invalid CSRF nonces with a different timing depending on which characters in the nonce are incorrect, which makes it easier for remote atta…
|
CWE-352
Origin Validation Error
|
CVE-2014-5204
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282598
|
- |
|
wordpress
|
wordpress
|
wp-includes/class-wp-customize-widgets.php in the widget implementation in WordPress 3.9.x before 3.9.2 might allow remote attackers to execute arbitrary code via crafted serialized data.
|
NVD-CWE-noinfo
|
CVE-2014-5203
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282599
|
- |
|
siemens
|
simatic_s7-1500_cpu_firmware
simatic_s7-1511-1_pn_cpu
simatic_s7-1513-1_pn_cpu
simatic_s7-1515-2_pn_cpu
simatic_s7-1516-3_pn\/dp_cpu
simatic_s7-1516f-3_pn\/dp_cpu
simatic_s7-1518-4_…
|
Siemens SIMATIC S7-1500 CPU devices with firmware before 1.6 allow remote attackers to cause a denial of service (device restart and STOP transition) via crafted TCP packets.
|
NVD-CWE-noinfo
|
CVE-2014-5074
|
2024-11-21 11:11 |
2014-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282600
|
- |
|
xml-dt_project
|
xml-dt
|
The (1) mkxmltype and (2) mkdtskel scripts in XML-DT before 0.64 allow local users to overwrite arbitrary files via a symlink attack on a /tmp/_xml_##### temporary file.
|
CWE-59
Link Following
|
CVE-2014-5260
|
2024-11-21 11:11 |
2014-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
