|
283531
|
- |
|
microsoft
|
.net_framework
|
Microsoft .NET Framework 2.0 SP2, 3.5, and 3.5.1 omits the ASLR protection mechanism, which allows remote attackers to obtain potentially sensitive information about memory addresses by leveraging th…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4122
|
2024-11-21 11:09 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283532
|
- |
|
microsoft
|
.net_framework
|
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 does not properly parse internationalized resource identifiers, which allows remote attackers to execute arbitrary code or cause…
|
CWE-399
Resource Management Errors
|
CVE-2014-4121
|
2024-11-21 11:09 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283533
|
- |
|
microsoft
|
word_web_apps
office
word
sharepoint_server
office_compatibility_pack
|
Microsoft Office 2007 SP3, Word 2007 SP3, Office 2010 SP1 and SP2, Word 2010 SP1 and SP2, Office for Mac 2011, Office Compatibility Pack SP3, Word Automation Services on SharePoint Server 2010 SP1 an…
|
CWE-20
Improper Input Validation
|
CVE-2014-4117
|
2024-11-21 11:09 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283534
|
- |
|
microsoft
|
windows_server_2003
windows_vista
windows_server_2008
|
fastfat.sys (aka the FASTFAT driver) in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Vista SP2, and Server 2008 SP2 does not properly allocate memory, which allows physically proxima…
|
CWE-399
Resource Management Errors
|
CVE-2014-4115
|
2024-11-21 11:09 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283535
|
- |
|
microsoft
|
asp.net_model_view_controller
|
Cross-site scripting (XSS) vulnerability in System.Web.Mvc.dll in Microsoft ASP.NET Model View Controller (MVC) 2.0 through 5.1 allows remote attackers to inject arbitrary web script or HTML via a cr…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4075
|
2024-11-21 11:09 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283536
|
- |
|
microsoft
|
.net_framework
|
Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, 4.5, 4.5.1, and 4.5.2 processes unverified data during interaction with the ClickOnce installer, which allows remote attackers to gain privileges via …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4073
|
2024-11-21 11:09 |
2014-10-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283537
|
- |
|
epicor
|
epicor_procurement
|
SQL injection vulnerability in Epicor Procurement before 7.4 SP2 allows remote attackers to execute arbitrary SQL commands via the User field.
|
CWE-89
SQL Injection
|
CVE-2014-4313
|
2024-11-21 11:09 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283538
|
- |
|
epicor
|
epicor_enterprise
|
Multiple cross-site scripting (XSS) vulnerabilities in Epicor Enterprise 7.4 before FS74SP6_HotfixTL054181 allow remote attackers to inject arbitrary web script or HTML via the (1) Notes section to O…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4312
|
2024-11-21 11:09 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283539
|
- |
|
gnu
opensuse
|
glibc
opensuse
|
The posix_spawn_file_actions_addopen function in glibc before 2.20 does not copy its path argument in accordance with the POSIX specification, which allows context-dependent attackers to trigger use-…
|
CWE-94
Code Injection
|
CVE-2014-4043
|
2024-11-21 11:09 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283540
|
- |
|
alex_kellner
|
powermail
|
Unrestricted file upload vulnerability in the powermail extension before 1.6.11 and 2.x before 2.0.14 for TYPO3 allows remote attackers to execute arbitrary code by uploading a file with a crafted ex…
|
CWE-94
Code Injection
|
CVE-2014-3947
|
2024-11-21 11:09 |
2014-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
