| 285611 | - | doug_poulin | command_school_student_management_system | Multiple cross-site scripting (XSS) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to inject arbitrary web script or HTML via the (1) topic parameter to sw… | CWE-79 Cross-site Scripting | CVE-2014-1914 | 2024-11-21 11:05 | 2014-02-8 |
| 285612 | - | opera | opera_browser | Opera before 19 on Mac OS X allows user-assisted remote attackers to spoof the address bar via vectors involving a drag-and-drop operation. | NVD-CWE-noinfo | CVE-2014-1870 | 2024-11-21 11:05 | 2014-02-7 |
| 285613 | - | devscripts_devel_team | devscripts | Directory traversal vulnerability in uupdate in devscripts 2.14.1 allows remote attackers to modify arbitrary files via a crafted .orig.tar file, related to a symlink. | CWE-22 Path Traversal | CVE-2014-1833 | 2024-11-21 11:05 | 2014-02-6 |
| 285614 | - | stackideas | komento | Cross-site scripting (XSS) vulnerability in the StackIdeas Komento (com_komento) component before 1.7.4 for Joomla! allows remote attackers to inject arbitrary web script or HTML via vectors related … | CWE-79 Cross-site Scripting | CVE-2014-1837 | 2024-11-21 11:05 | 2014-01-31 |
| 285615 | 3.3 LOW Local | canonical | ubuntu-ui-toolkit | On desktop, Ubuntu UI Toolkit's StateSaver would serialise data on tmp/ files which an attacker could use to expose potentially sensitive data. StateSaver would also open files without the O_EXCL fla… | CWE-502 Deserialization of Untrusted Data | CVE-2014-1420 | 2024-11-21 11:04 | 2020-09-11 |
| 285616 | 5.0 MEDIUM Local | canonical | trust-store_\(ubuntu\) trust-store_\(ubuntu_rtm\) | In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. T… | CWE-732 Incorrect Permission Assignment for Critical Resource | CVE-2014-1422 | 2024-11-21 11:04 | 2020-07-23 |
| 285617 | 5.5 MEDIUM Local | signond_project ubports | signond ubuntu_touch | signond before 8.57+15.04.20141127.1-0ubuntu1, as used in Ubuntu Touch, did not properly restrict applications from querying oath tokens due to incorrect checks and the missing installation of the si… | CWE-522 Insufficiently Protected Credentials | CVE-2014-1423 | 2024-11-21 11:04 | 2020-05-8 |
| 285618 | 9.8 CRITICAL Network | magento | advanced_newsletter | SQL Injection exists in Advanced Newsletter Magento extension before 2.3.5 via the /store/advancednewsletter/index/subscribeajax/an_category_id/ PATH_INFO. | CWE-89 SQL Injection | CVE-2014-1634 | 2024-11-21 11:04 | 2020-03-10 |
| 285619 | 6.5 MEDIUM Network | promotic | promotic | Microsys PROMOTIC 8.2.13 contains an ActiveX Control Start Buffer Overflow vulnerability which can lead to denial of service. | CWE-120 Classic Buffer Overflow | CVE-2014-1617 | 2024-11-21 11:04 | 2020-02-14 |
| 285620 | 9.1 CRITICAL Network | mobileiron | virtual_smartphone_platform sentry | MobileIron VSP versions prior to 5.9.1 and Sentry versions prior to 5.0 have an authentication bypass vulnerability due to an XML file with obfuscated passwords | CWE-91 Blind XPath Injection | CVE-2014-1409 | 2024-11-21 11:04 | 2020-01-9 |