|
282541
|
- |
|
iii
|
encore_discovery_solution
|
Innovative Interfaces Encore Discovery Solution 4.3 places a session token in the URI, which might allow remote attackers to obtain sensitive information via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2014-5128
|
2024-11-21 11:11 |
2014-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282542
|
- |
|
iii
|
encore_discovery_solution
|
Open redirect vulnerability in Innovative Interfaces Encore Discovery Solution 4.3 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in an unspec…
|
NVD-CWE-Other
|
CVE-2014-5127
|
2024-11-21 11:11 |
2014-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282543
|
- |
|
zohocorp
|
manageengine_eventlog_analyzer
|
Multiple cross-site scripting (XSS) vulnerabilities in event/index2.do in ManageEngine EventLog Analyzer before 9.0 build 9002 allow remote attackers to inject arbitrary web script or HTML via the (1…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4930
|
2024-11-21 11:11 |
2014-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282544
|
- |
|
invensys
|
wonderware_information_server
|
SQL injection vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2014-5399
|
2024-11-21 11:11 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282545
|
- |
|
invensys
|
wonderware_information_server
|
Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to read arbitrary files or cause a denial of service via an XML external entity declaration i…
|
CWE-20
Improper Input Validation
|
CVE-2014-5398
|
2024-11-21 11:11 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282546
|
- |
|
invensys
|
wonderware_information_server
|
Cross-site scripting (XSS) vulnerability in Schneider Electric Wonderware Information Server (WIS) Portal 4.0 SP1 through 5.5 allows remote attackers to inject arbitrary web script or HTML via unspec…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5397
|
2024-11-21 11:11 |
2014-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282547
|
- |
|
monkey-project
|
monkey
|
Monkey HTTP Server before 1.5.3, when the File Descriptor Table (FDT) is enabled and custom error messages are set, allows remote attackers to cause a denial of service (file descriptor consumption) …
|
CWE-20
Improper Input Validation
|
CVE-2014-5336
|
2024-11-21 11:11 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282548
|
- |
|
pandasecurity
|
panda_av_pro_2014
panda_internet_security_2014
panda_global_protection_2014
|
Heap-based buffer overflow in the PavTPK.sys kernel mode driver of Panda Security 2014 products before hft131306s24_r1 allows local users to gain privileges via a crafted argument to a 0x222008 IOCTL…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5307
|
2024-11-21 11:11 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282549
|
- |
|
qemu
|
qemu
|
vmstate_xhci_event in hw/usb/hcd-xhci.c in QEMU 1.6.0 does not terminate the list with the VMSTATE_END_OF_LIST macro, which allows attackers to cause a denial of service (out-of-bounds access, infini…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5263
|
2024-11-21 11:11 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282550
|
- |
|
opendaylight
|
opendaylight
|
The Netconf (TCP) service in OpenDaylight 1.0 allows remote attackers to read arbitrary files via an XML external entity declaration in conjunction with an entity reference in an XML-RPC message, rel…
|
NVD-CWE-Other
|
CVE-2014-5035
|
2024-11-21 11:11 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
