|
290251
|
- |
|
owncloud
|
owncloud
|
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2049
|
2024-11-21 11:05 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290252
|
- |
|
owncloud
|
owncloud
|
Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vect…
|
CWE-287
Improper Authentication
|
CVE-2014-2047
|
2024-11-21 11:05 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290253
|
- |
|
file_project
php
debian
canonical
opensuse
|
file
php
debian_linux
ubuntu_linux
opensuse
|
softmagic.c in file before 5.17 and libmagic allows context-dependent attackers to cause a denial of service (out-of-bounds memory access and crash) via crafted offsets in the softmagic of a PE execu…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-2270
|
2024-11-21 11:05 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290254
|
- |
|
openclassifieds
|
open_classifieds_2
|
Cross-site scripting (XSS) vulnerability in classes/controller/error.php in Open Classifieds 2 before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to shared-…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2024
|
2024-11-21 11:05 |
2014-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290255
|
- |
|
rocklobster
|
contact_form_7
|
Rock Lobster Contact Form 7 before 3.7.2 allows remote attackers to bypass the CAPTCHA protection mechanism and submit arbitrary form data by omitting the _wpcf7_captcha_challenge_captcha-719 paramet…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2265
|
2024-11-21 11:05 |
2014-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290256
|
- |
|
procentia
|
intellipen
|
SQL injection vulnerability in Resources/System/Templates/Data.aspx in Procentia IntelliPen before 1.1.18.1658 allows remote authenticated users to execute arbitrary SQL commands via the value parame…
|
CWE-89
SQL Injection
|
CVE-2014-2043
|
2024-11-21 11:05 |
2014-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290257
|
- |
|
dokeos_project
|
dokeos
|
Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5)…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1877
|
2024-11-21 11:05 |
2014-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290258
|
- |
|
freetype
|
freetype
|
Stack-based buffer overflow in the cf2_hintmap_build function in cff/cf2hints.c in FreeType before 2.5.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary co…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-2240
|
2024-11-21 11:05 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290259
|
- |
|
opensuse
logilab
|
opensuse
logilab-common
|
The Execute class in shellutils in logilab-commons before 0.61.0 uses tempfile.mktemp, which allows local users to have an unspecified impact by pre-creating the temporary file.
|
NVD-CWE-noinfo
|
CVE-2014-1839
|
2024-11-21 11:05 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290260
|
- |
|
opensuse
logilab
|
opensuse
logilab-common
|
The (1) extract_keys_from_pdf and (2) fill_pdf functions in pdf_ext.py in logilab-commons before 0.61.0 allows local users to overwrite arbitrary files and possibly have other unspecified impact via …
|
CWE-59
Link Following
|
CVE-2014-1838
|
2024-11-21 11:05 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
