|
279791
|
- |
|
espocrm
|
espocrm
|
Directory traversal vulnerability in EspoCRM before 2.6.0 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php.
|
CWE-22
Path Traversal
|
CVE-2014-7985
|
2024-11-21 11:18 |
2014-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279792
|
- |
|
hp
|
hp-ux
|
Unspecified vulnerability in the kernel in HP HP-UX B.11.31 allows local users to cause a denial of service via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2014-7877
|
2024-11-21 11:18 |
2014-10-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279793
|
- |
|
fal_sftp_project
|
fal_sftp
|
The fal_sftp extension before 0.2.6 for TYPO3 uses weak permissions for sFTP driver files and folders, which allows remote authenticated users to obtain sensitive information via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2014-8327
|
2024-11-21 11:18 |
2014-10-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279794
|
- |
|
samsung
|
findmymobile
mobile
|
The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (…
|
CWE-94
Code Injection
|
CVE-2014-8346
|
2024-11-21 11:18 |
2014-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279795
|
- |
|
openmrs
|
openmrs
|
Cross-site request forgery (CSRF) vulnerability in OpenMRS 2.1 Standalone Edition allows remote attackers to hijack the authentication of administrators for requests that add a new user via a Save Us…
|
CWE-352
Origin Validation Error
|
CVE-2014-8073
|
2024-11-21 11:18 |
2014-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279796
|
- |
|
openmrs
|
openmrs
|
The administration module in OpenMRS 2.1 Standalone Edition allows remote authenticated users to obtain read access via a direct request to /admin.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8072
|
2024-11-21 11:18 |
2014-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279797
|
- |
|
openmrs
|
openmrs
|
Multiple cross-site scripting (XSS) vulnerabilities in OpenMRS 2.1 Standalone Edition allow remote attackers to inject arbitrary web script or HTML via the (1) givenName, (2) familyName, (3) address1…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8071
|
2024-11-21 11:18 |
2014-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279798
|
- |
|
megapolis
|
megapolis.portal_manager
|
Multiple cross-site scripting (XSS) vulnerabilities in Megapolis.Portal Manager allow remote attackers to inject arbitrary web script or HTML via the (1) dateFrom or (2) dateTo parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-8381
|
2024-11-21 11:18 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279799
|
- |
|
calender_base_project
|
calender_base
|
The Calendar Base (cal) extension before 1.5.9 and 1.6.x before 1.6.1 for TYPO3 allows remote attackers to cause a denial of service (resource consumption) via vectors related to the PHP PCRE library.
|
CWE-399
Resource Management Errors
|
CVE-2014-8325
|
2024-11-21 11:18 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279800
|
- |
|
zend
|
zend_framework
|
The (1) Zend_Ldap class in Zend before 1.12.9 and (2) Zend\Ldap component in Zend 2.x before 2.2.8 and 2.3.x before 2.3.3 allows remote attackers to bypass authentication via a password starting with…
|
CWE-287
Improper Authentication
|
CVE-2014-8088
|
2024-11-21 11:18 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
