|
278801
|
- |
|
twiki
|
twiki
|
Incomplete blacklist vulnerability in the urlEncode function in lib/TWiki.pm in TWiki 6.0.0 and 6.0.1 allows remote attackers to conduct cross-site scripting (XSS) attacks via a "'" (single quote) in…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9367
|
2024-11-21 11:20 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278802
|
- |
|
twiki
|
twiki
|
Multiple cross-site scripting (XSS) vulnerabilities in TWiki 6.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERYSTRING variable in lib/TWiki.pm or (2) QUERYPARAMSTRI…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9325
|
2024-11-21 11:20 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278803
|
- |
|
minibb
|
minibb
|
bb_func_unsub.php in MiniBB 3.1 before 20141127 uses an incorrect regular expression, which allows remote attackers to conduct SQl injection attacks via the code parameter in an unsubscribe action to…
|
CWE-89
SQL Injection
|
CVE-2014-9254
|
2024-11-21 11:20 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278804
|
- |
|
php
|
php
|
The apprentice_load function in libmagic/apprentice.c in the Fileinfo component in PHP through 5.6.4 attempts to perform a free operation on a stack-based character array, which allows remote attacke…
|
CWE-17
Code
|
CVE-2014-9426
|
2024-11-21 11:20 |
2014-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278805
|
- |
|
php
apple
|
php
mac_os_x
|
Double free vulnerability in the zend_ts_hash_graceful_destroy function in zend_ts_hash.c in the Zend Engine in PHP through 5.5.20 and 5.6.x through 5.6.4 allows remote attackers to cause a denial of…
|
NVD-CWE-Other
|
CVE-2014-9425
|
2024-11-21 11:20 |
2014-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278806
|
- |
|
openbsd
|
libressl
|
Double free vulnerability in the ssl_parse_clienthello_use_srtp_ext function in d1_srtp.c in LibreSSL before 2.1.2 allows remote attackers to cause a denial of service or possibly have unspecified ot…
|
NVD-CWE-Other
|
CVE-2014-9424
|
2024-11-21 11:20 |
2014-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278807
|
- |
|
schneider_electric
|
proclima
|
Buffer overflow in an ActiveX control in MDraw30.ocx in Schneider Electric ProClima before 6.1.7 allows remote attackers to execute arbitrary code via unspecified vectors, a different vulnerability t…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9188
|
2024-11-21 11:20 |
2014-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278808
|
- |
|
linux
|
linux_kernel
|
The rock_continue function in fs/isofs/rock.c in the Linux kernel through 3.18.1 does not restrict the number of Rock Ridge continuation entries, which allows local users to cause a denial of service…
|
CWE-399
Resource Management Errors
|
CVE-2014-9420
|
2024-11-21 11:20 |
2014-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278809
|
- |
|
linux
|
linux_kernel
|
The __switch_to function in arch/x86/kernel/process_64.c in the Linux kernel through 3.18.1 does not ensure that Thread Local Storage (TLS) descriptors are loaded before proceeding with other steps, …
|
CWE-200
Information Exposure
|
CVE-2014-9419
|
2024-11-21 11:20 |
2014-12-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278810
|
- |
|
huawei
|
espace_desktop
|
The eSpace Meeting ActiveX control (eSpaceStatusCtrl.dll) in Huawei eSpace Desktop before V200R001C03 allows local users to cause a denial of service (memory overflow) via unspecified vectors.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9418
|
2024-11-21 11:20 |
2014-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
