|
279221
|
- |
|
modwsgi
|
mod_wsgi
|
mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecifie…
|
CWE-254
7PK - Security Features
|
CVE-2014-8583
|
2024-11-21 11:19 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279222
|
- |
|
google
|
android
|
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8610
|
2024-11-21 11:19 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279223
|
- |
|
google
|
android
|
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8609
|
2024-11-21 11:19 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279224
|
- |
|
google
|
android
|
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow rem…
|
CWE-89
SQL Injection
|
CVE-2014-8507
|
2024-11-21 11:19 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279225
|
- |
|
k7computing
|
k7av_sentry_device_driver
|
The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer derefer…
|
NVD-CWE-Other
|
CVE-2014-8608
|
2024-11-21 11:19 |
2014-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279226
|
- |
|
bittorrent
|
bittorrent
|
The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000.
|
CWE-77
Command Injection
|
CVE-2014-8515
|
2024-11-21 11:19 |
2014-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279227
|
- |
|
pingidentity
|
pingfederate
|
Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via…
|
NVD-CWE-Other
|
CVE-2014-8489
|
2024-11-21 11:19 |
2014-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279228
|
- |
|
mozilla
|
firefox
seamonkey
|
The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass in…
|
CWE-284
Improper Access Control
|
CVE-2014-8632
|
2024-11-21 11:19 |
2014-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279229
|
- |
|
mozilla
|
firefox
seamonkey
|
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object …
|
CWE-284
Improper Access Control
|
CVE-2014-8631
|
2024-11-21 11:19 |
2014-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279230
|
- |
|
isc
|
bind
|
The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP database…
|
CWE-20
CWE-284
Improper Input Validation
Improper Access Control
|
CVE-2014-8680
|
2024-11-21 11:19 |
2014-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
