|
283821
|
- |
|
owncloud
|
owncloud
|
ownCloud Server before 6.0.1 does not properly check permissions, which allows remote authenticated users to access arbitrary preview pictures via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3963
|
2024-11-21 11:09 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283822
|
- |
|
videos_tube_project
|
videos_tube
|
Multiple SQL injection vulnerabilities in Videos Tube 1.0 allow remote attackers to execute arbitrary SQL commands via the url parameter to (1) videocat.php or (2) single.php.
|
CWE-89
SQL Injection
|
CVE-2014-3962
|
2024-11-21 11:09 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283823
|
- |
|
xnau
|
participants_database
|
SQL injection vulnerability in the Export CSV page in the Participants Database plugin before 1.5.4.9 for WordPress allows remote attackers to execute arbitrary SQL commands via the query parameter i…
|
CWE-89
SQL Injection
|
CVE-2014-3961
|
2024-11-21 11:09 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283824
|
- |
|
opennms
|
opennms
|
Multiple cross-site scripting (XSS) vulnerabilities in OpenNMS before 1.12.7 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3960
|
2024-11-21 11:09 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283825
|
- |
|
jo_hasenau
|
gridelements
|
Cross-site scripting (XSS) vulnerability in the layout wizard in the Grid Elements (gridelements) extension before 1.5.1 and 2.0.x before 2.0.3 for TYPO3 allows remote authenticated backend users to …
|
CWE-79
Cross-site Scripting
|
CVE-2014-3949
|
2024-11-21 11:09 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283826
|
- |
|
alex_kellner
|
powermail
|
Cross-site scripting (XSS) vulnerability in the HTML export wizard in the backend module in the powermail extension before 1.6.11 for TYPO3 allows remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3948
|
2024-11-21 11:09 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283827
|
- |
|
ericom
|
accessnow_server
|
Stack-based buffer overflow in AccessServer32.exe in Ericom AccessNow Server allows remote attackers to execute arbitrary code via a request for a non-existent file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3913
|
2024-11-21 11:09 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283828
|
- |
|
freebsd
hp
fedoraproject
sendmail
|
freebsd
hpux
fedora
sendmail
|
The sm_close_on_exec function in conf.c in sendmail before 8.14.9 has arguments in the wrong order, and consequently skips setting expected FD_CLOEXEC flags, which allows local users to access uninte…
|
CWE-200
Information Exposure
|
CVE-2014-3956
|
2024-11-21 11:09 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283829
|
- |
|
f5
|
big-ip_protocol_security_module
big-ip_advanced_firewall_manager
big-ip_edge_gateway
big-ip_local_traffic_manager
big-ip_wan_optimization_manager
big-ip_link_controller
big-ip_appli…
|
Cross-site scripting (XSS) vulnerability in list.jsp in the Configuration utility in F5 BIG-IP LTM, AFM, Analytics, APM, ASM, GTM, and Link Controller 11.2.1 through 11.5.1, AAM 11.4.0 through 11.5.1…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3959
|
2024-11-21 11:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283830
|
- |
|
typo3
|
typo3
|
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary …
|
CWE-200
Information Exposure
|
CVE-2014-3946
|
2024-11-21 11:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
