|
285211
|
- |
|
anonymous_posting_project
|
anonymous_posting
|
Cross-site scripting (XSS) vulnerability in the Anonymous Posting module 7.x-1.2 and 7.x-1.3 for Drupal allows remote attackers to inject arbitrary web script or HTML via the contact name field.
|
CWE-79
Cross-site Scripting
|
CVE-2014-1611
|
2024-11-21 11:04 |
2014-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285212
|
- |
|
skybluecanvas
|
skybluecanvas
|
The bashMail function in cms/data/skins/techjunkie/fragments/contacts/functions.php in SkyBlueCanvas CMS before 1.1 r248-04, when the pid parameter is 4, allows remote attackers to execute arbitrary …
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2014-1683
|
2024-11-21 11:04 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285213
|
- |
|
openbsd
|
openssh
|
The hash_buffer function in schnorr.c in OpenSSH through 6.4, when Makefile.inc is modified to enable the J-PAKE protocol, does not initialize certain data structures, which might allow remote attack…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-1692
|
2024-11-21 11:04 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285214
|
- |
|
google
|
chrome
|
Multiple unspecified vulnerabilities in Google Chrome before 32.0.1700.102 have unknown impact and attack vectors, related to 12 "security fixes [that were not] either contributed by external researc…
|
NVD-CWE-noinfo
|
CVE-2014-1681
|
2024-11-21 11:04 |
2014-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285215
|
- |
|
debian
|
axiom
|
axiom-test.sh in axiom 20100701-1.1 uses tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows local users to overwrite …
|
CWE-59
Link Following
|
CVE-2014-1640
|
2024-11-21 11:04 |
2014-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285216
|
- |
|
debian
|
syncevolution
|
syncevo/installcheck-local.sh in syncevolution before 1.3.99.7 uses mktemp to create a safe temporary file but appends a suffix to the original filename and writes to this new filename, which allows …
|
CWE-59
Link Following
|
CVE-2014-1639
|
2024-11-21 11:04 |
2014-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285217
|
- |
|
debian
|
localepurge
|
(1) debian/postrm and (2) debian/localepurge.config in localepurge before 0.7.3.2 use tempfile to create a safe temporary file but appends a suffix to the original filename and writes to this new fil…
|
CWE-59
Link Following
|
CVE-2014-1638
|
2024-11-21 11:04 |
2014-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285218
|
- |
|
python
|
pyxdg
|
Race condition in the xdg.BaseDirectory.get_runtime_dir function in python-xdg 0.25 allows local users to overwrite arbitrary files by pre-creating /tmp/pyxdg-runtime-dir-fallback-victim to point to …
|
CWE-59
Link Following
|
CVE-2014-1624
|
2024-11-21 11:04 |
2014-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285219
|
- |
|
python
|
rply
|
The parser cache functionality in parsergenerator.py in RPLY (aka python-rply) before 0.7.1 allows local users to spoof cache data by pre-creating a temporary rply-*.json file with a predictable name.
|
NVD-CWE-Other
|
CVE-2014-1604
|
2024-11-21 11:04 |
2014-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285220
|
- |
|
citrix
|
gotomeeting
|
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens …
|
CWE-200
Information Exposure
|
CVE-2014-1664
|
2024-11-21 11:04 |
2014-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
