|
279781
|
- |
|
smarty
|
smarty
|
Smarty before 3.1.21 allows remote attackers to bypass the secure mode restrictions and execute arbitrary PHP code as demonstrated by "{literal}<{/literal}script language=php>" in a template.
|
CWE-94
Code Injection
|
CVE-2014-8350
|
2024-11-21 11:18 |
2014-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279782
|
- |
|
opensuse
canonical
ruby-lang
redhat
|
opensuse
ubuntu_linux
ruby
enterprise_linux
|
The REXML parser in Ruby 1.9.x before 1.9.3-p550, 2.0.x before 2.0.0-p594, and 2.1.x before 2.1.4 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML document,…
|
NVD-CWE-Other
|
CVE-2014-8080
|
2024-11-21 11:18 |
2014-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279783
|
- |
|
linksys
|
ea3500_firmware
ea3500
ea6700_firmware
ea6700
ea6500_firmware
ea6500
ea4500_firmware
ea4500
ea6900_firmware
ea6900
ea2700_firmware
ea2700
ea6400_firmware
ea6400…
|
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300,…
|
CWE-200
Information Exposure
|
CVE-2014-8244
|
2024-11-21 11:18 |
2014-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279784
|
- |
|
linksys
|
ea4500_firmware
ea4500
ea6500_firmware
ea6500
ea6400_firmware
ea6400
e4200v2_firmware
e4200v2
ea6300_firmware
ea6300
ea6900_firmware
ea6900
ea2700_firmware
ea27…
|
Linksys SMART WiFi firmware on EA2700 and EA3500 devices; before 2.1.41 build 162351 on E4200v2 and EA4500 devices; before 1.1.41 build 162599 on EA6200 devices; before 1.1.40 build 160989 on EA6300,…
|
CWE-310
Cryptographic Issues
|
CVE-2014-8243
|
2024-11-21 11:18 |
2014-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279785
|
- |
|
wp-dbmanager_project
|
wp-dbmanager
|
The WP-DBManager (aka Database Manager) plugin before 2.7.2 for WordPress allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) $backup['filepath'] (aka …
|
CWE-78
OS Command
|
CVE-2014-8334
|
2024-11-21 11:18 |
2014-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279786
|
- |
|
redhat
openstack
|
openstack
nova
|
The VMware driver in OpenStack Compute (Nova) before 2014.1.4 allows remote authenticated users to cause a denial of service (disk consumption) by deleting an instance in the resize state.
|
CWE-399
Resource Management Errors
|
CVE-2014-8333
|
2024-11-21 11:18 |
2014-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279787
|
- |
|
testlink
|
testlink
|
lib/functions/database.class.php in TestLink before 1.9.13 allows remote attackers to obtain sensitive information via unspecified vectors, which reveals the installation path in an error message.
|
CWE-200
Information Exposure
|
CVE-2014-8082
|
2024-11-21 11:18 |
2014-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279788
|
- |
|
testlink
|
testlink
|
lib/execute/execSetResults.php in TestLink before 1.9.13 allows remote attackers to conduct PHP object injection attacks and execute arbitrary PHP code via the filter_result_result parameter.
|
CWE-94
Code Injection
|
CVE-2014-8081
|
2024-11-21 11:18 |
2014-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279789
|
- |
|
espocrm
|
espocrm
|
Cross-site scripting (XSS) vulnerability in EspoCRM before 2.6.0 allows remote attackers to inject arbitrary web script or HTML via the desc parameter in an errors action to install/index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-7987
|
2024-11-21 11:18 |
2014-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279790
|
- |
|
espocrm
|
espocrm
|
install/index.php in EspoCRM before 2.6.0 allows remote attackers to re-install the application via a 1 value in the installProcess parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7986
|
2024-11-21 11:18 |
2014-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
