|
278281
|
6.5 |
MEDIUM
Network
|
open_atrium_project
|
open_atrium
|
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging imp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9503
|
2024-11-21 11:21 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278282
|
8.8 |
HIGH
Network
|
open_atrium_project
|
open_atrium
|
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication …
|
CWE-352
Origin Validation Error
|
CVE-2014-9502
|
2024-11-21 11:21 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278283
|
5.5 |
MEDIUM
Local
|
minizip_project
|
minizip
|
Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry…
|
CWE-22
Path Traversal
|
CVE-2014-9485
|
2024-11-21 11:21 |
2018-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278284
|
9.8 |
CRITICAL
Network
|
dozer_project
|
dozer
|
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2014-9515
|
2024-11-21 11:21 |
2017-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278285
|
9.8 |
CRITICAL
Network
|
nwjs
|
nw.js
|
nw.js before 0.11.5 can simulate user input events in a normal frame, which allows remote attackers to have unspecified impact via unknown vectors.
|
CWE-20
Improper Input Validation
|
CVE-2014-9733
|
2024-11-21 11:21 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278286
|
7.5 |
HIGH
Network
|
huawei
|
usg9560_firmware
usg9520_firmware
usg9580_firmware
|
Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2014-9697
|
2024-11-21 11:21 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278287
|
6.1 |
MEDIUM
Network
|
flowpaper
|
flexpaper
|
FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to conduct content-spoofing attacks via the Swfile parameter.
|
CWE-20
Improper Input Validation
|
CVE-2014-9678
|
2024-11-21 11:21 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278288
|
6.1 |
MEDIUM
Network
|
flowpaper
|
flexpaper
|
Cross-site scripting (XSS) vulnerability in FlexPaperViewer.swf in Flexpaper before 2.3.1 allows remote attackers to inject arbitrary web script or HTML via the Swfile parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9677
|
2024-11-21 11:21 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278289
|
8.8 |
HIGH
Network
|
gollum_project
|
gollum
gollum-lib
grit_adapter
|
The gollum-grit_adapter Ruby gem dependency in gollum before 3.1.1 and the gollum-lib gem dependency in gollum-lib before 4.0.1 when the string "master" is in any of the wiki documents, allows remote…
|
CWE-284
Improper Access Control
|
CVE-2014-9489
|
2024-11-21 11:21 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278290
|
9.8 |
CRITICAL
Network
|
mediawiki
|
mediawiki
|
The getid3 library in MediaWiki before 1.24.1, 1.23.8, 1.22.15 and 1.19.23 allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML Externa…
|
CWE-611
XXE
|
CVE-2014-9487
|
2024-11-21 11:21 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
