|
279051
|
5.5 |
MEDIUM
Local
|
busybox
|
busybox
|
The add_probe function in modutils/modprobe.c in BusyBox before 1.23.0 allows local users to bypass intended restrictions on loading kernel modules via a / (slash) character in a module name, as demo…
|
CWE-20
Improper Input Validation
|
CVE-2014-9645
|
2024-11-21 11:21 |
2017-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279052
|
6.1 |
MEDIUM
Network
|
bilboplanet
|
bilboplanet
|
Multiple cross-site scripting (XSS) vulnerabilities in Bilboplanet 2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) tribe_name or (2) tags parameter in a tribes page requ…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9916
|
2024-11-21 11:21 |
2017-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279053
|
6.1 |
MEDIUM
Network
|
alinto
|
sogo
|
Multiple cross-site scripting (XSS) vulnerabilities in the Web Calendar in SOGo before 2.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title of an appointment or (2) c…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9905
|
2024-11-21 11:21 |
2017-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279054
|
6.1 |
MEDIUM
Network
|
gosa_project
|
gosa
|
Cross-site scripting (XSS) vulnerability in the displayLogin function in html/index.php in GOsa allows remote attackers to inject arbitrary web script or HTML via the username.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9760
|
2024-11-21 11:21 |
2017-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279055
|
7.8 |
HIGH
Local
|
linux
google
|
linux_kernel
android
|
Race condition in the ip4_datagram_release_cb function in net/ipv4/datagram.c in the Linux kernel before 3.15.2 allows local users to gain privileges or cause a denial of service (use-after-free) by …
|
CWE-362
CWE-416
Race Condition
Use After Free
|
CVE-2014-9914
|
2024-11-21 11:21 |
2017-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279056
|
6.1 |
MEDIUM
Network
|
nodejs
|
node.js
|
The validator package before 2.0.0 for Node.js allows remote attackers to bypass the cross-site scripting (XSS) filter via hex-encoded characters.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9772
|
2024-11-21 11:21 |
2017-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279057
|
7.5 |
HIGH
Network
|
viprinet
|
multichannel_vpn_router_300_firmware
|
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before…
|
CWE-20
Improper Input Validation
|
CVE-2014-9755
|
2024-11-21 11:21 |
2017-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279058
|
5.9 |
MEDIUM
Network
|
viprinet
|
multichannel_vpn_router_300_firmware
|
The hardware VPN client in Viprinet MultichannelVPN Router 300 version 2013070830/2013080900 does not validate the remote VPN endpoint identity (through the checking of the endpoint's SSL key) before…
|
CWE-20
Improper Input Validation
|
CVE-2014-9754
|
2024-11-21 11:21 |
2017-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279059
|
4.0 |
MEDIUM
Local
|
unzip_project
|
unzip
|
Buffer overflow in the list_files function in list.c in Info-Zip UnZip 6.0 allows remote attackers to cause a denial of service (crash) via vectors related to the compression method.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9913
|
2024-11-21 11:21 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279060
|
7.0 |
HIGH
Local
|
google
|
android
|
An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of the kernel. This issue is rated as High…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9910
|
2024-11-21 11:21 |
2017-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
