|
280401
|
- |
|
mediawiki
|
mediawiki
|
The (1) Special:Preferences and (2) Special:UserLogin pages in MediaWiki before 1.19.20, 1.22.x before 1.22.12 and 1.23.x before 1.23.5 allows remote authenticated users to conduct cross-site scripti…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7295
|
2024-11-21 11:16 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280402
|
- |
|
freepbx
sangoma
|
freepbx
|
htdocs_ari/includes/login.php in the ARI Framework module/Asterisk Recording Interface (ARI) in FreePBX before 2.9.0.9, 2.10.x, and 2.11 before 2.11.1.5 allows remote attackers to execute arbitrary c…
|
CWE-94
Code Injection
|
CVE-2014-7235
|
2024-11-21 11:16 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280403
|
- |
|
canonical
debian
mageia
|
ubuntu_linux
debian_linux
exuberant_ctags
mageia
|
jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk consumption) via a crafted JavaScript file.
|
CWE-399
Resource Management Errors
|
CVE-2014-7204
|
2024-11-21 11:16 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280404
|
- |
|
golang
|
go
|
crpyto/tls in Go 1.1 before 1.3.2, when SessionTicketsDisabled is enabled, allows man-in-the-middle attackers to spoof clients via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7189
|
2024-11-21 11:16 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280405
|
- |
|
zyxel
|
sbg3300-n_firmware
sbg3300-n
|
The login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to cause a denial of service (persistent web-interface outage) via JavaScript co…
|
CWE-20
Improper Input Validation
|
CVE-2014-7278
|
2024-11-21 11:16 |
2014-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280406
|
- |
|
zyxel
|
sbg3300-n_firmware
sbg3300-n
|
Cross-site scripting (XSS) vulnerability in the login page on the ZyXEL SBG-3300 Security Gateway with firmware 1.00(AADY.4)C0 and earlier allows remote attackers to inject arbitrary web script or HT…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7277
|
2024-11-21 11:16 |
2014-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280407
|
- |
|
phpmyadmin
|
phpmyadmin
|
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.4, 4.1.x before 4.1.14.5, and 4.2.x before 4.2.9.1 allow remote authenticated users to inject arbitrary web scrip…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7217
|
2024-11-21 11:16 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280408
|
- |
|
xen
|
xen
|
The hvm_msr_read_intercept function in arch/x86/hvm/hvm.c in Xen 4.1 through 4.4.x uses an improper MSR range for x2APIC emulation, which allows local HVM guests to cause a denial of service (host cr…
|
CWE-399
Resource Management Errors
|
CVE-2014-7188
|
2024-11-21 11:16 |
2014-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280409
|
- |
|
exinda
|
wan_optimization_suite
|
Cross-site request forgery (CSRF) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to hijack the authentication of administrators for requests that change the admin…
|
CWE-352
Origin Validation Error
|
CVE-2014-7158
|
2024-11-21 11:16 |
2014-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280410
|
- |
|
exinda
|
wan_optimization_suite
|
Cross-site scripting (XSS) vulnerability in Exinda WAN Optimization Suite 7.0.0 (2160) allows remote attackers to inject arbitrary web script or HTML via the tabsel parameter to admin/launch.
|
CWE-79
Cross-site Scripting
|
CVE-2014-7157
|
2024-11-21 11:16 |
2014-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
