|
282631
|
- |
|
status2k
|
status2k
|
admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.
|
CWE-94
Code Injection
|
CVE-2014-5090
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282632
|
- |
|
status2k
|
status2k
|
SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.
|
CWE-89
SQL Injection
|
CVE-2014-5089
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282633
|
- |
|
status2k
|
status2k
|
Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-5088
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282634
|
- |
|
sphider
|
sphider
|
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (…
|
CWE-89
SQL Injection
|
CVE-2014-5082
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282635
|
- |
|
redhat
opensuse
|
enterprise_linux
opensuse
enterprise_virtualization
libvirt
|
libvirt 1.0.0 through 1.2.x before 1.2.5, when fine grained access control is enabled, allows local users to read arbitrary files via a crafted XML document containing an XML external entity declarat…
|
CWE-20
Improper Input Validation
|
CVE-2014-5177
|
2024-11-21 11:11 |
2014-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282636
|
- |
|
wireshark
|
wireshark
|
The dissect_ber_constrained_bitstring function in epan/dissectors/packet-ber.c in the ASN.1 BER dissector in Wireshark 1.10.x before 1.10.9 does not properly validate padding values, which allows rem…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5165
|
2024-11-21 11:11 |
2014-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282637
|
- |
|
wireshark
|
wireshark
|
The rlc_decode_li function in epan/dissectors/packet-rlc.c in the RLC dissector in Wireshark 1.10.x before 1.10.9 initializes a certain structure member only after this member is used, which allows r…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5164
|
2024-11-21 11:11 |
2014-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282638
|
- |
|
wireshark
|
wireshark
|
The APN decode functionality in (1) epan/dissectors/packet-gtp.c and (2) epan/dissectors/packet-gsm_a_gm.c in the GTP and GSM Management dissectors in Wireshark 1.10.x before 1.10.9 does not complete…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5163
|
2024-11-21 11:11 |
2014-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282639
|
- |
|
wireshark
|
wireshark
|
The read_new_line function in wiretap/catapult_dct2000.c in the Catapult DCT2000 dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' and '\r' characters, which allows remote atta…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5162
|
2024-11-21 11:11 |
2014-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282640
|
- |
|
wireshark
|
wireshark
|
The dissect_log function in plugins/irda/packet-irda.c in the IrDA dissector in Wireshark 1.10.x before 1.10.9 does not properly strip '\n' characters, which allows remote attackers to cause a denial…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5161
|
2024-11-21 11:11 |
2014-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
