|
282591
|
- |
|
social_stats_project
|
social_stats
|
Cross-site scripting (XSS) vulnerability in the Social Stats module before 7.x-1.5 for Drupal allows remote authenticated users with the "[Content Type]: Create new content" permission to inject arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5456
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282592
|
- |
|
privatetunnel
openvpn
|
privatetunnel
openvpn
|
Unquoted Windows search path vulnerability in the ptservice service prior to PrivateTunnel version 3.0 (Windows) and OpenVPN Connect version 3.1 (Windows) allows local users to gain privileges via a …
|
CWE-428
Unquoted Search Path or Element
|
CVE-2014-5455
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282593
|
- |
|
sas
|
visual_analytics
|
Unrestricted file upload vulnerability in the image upload module in SAS Visual Analytics 6.4M1 allows remote authenticated users to execute arbitrary code by uploading a file with an executable exte…
|
NVD-CWE-Other
|
CVE-2014-5454
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282594
|
- |
|
ubi
|
uplay_pc
|
Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privil…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5453
|
2024-11-21 11:12 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282595
|
7.5 |
HIGH
Network
|
tripodworks
|
gigapod_officehard_firmware
gigapod_2010_firmware
gigapod_3_firmware
|
GIGAPOD file servers (Appliance model and Software model) provide two web interfaces, 80/tcp and 443/tcp for user operation, and 8001/tcp for administrative operation.
8001/tcp is served by a versio…
|
NVD-CWE-noinfo
|
CVE-2014-5329
|
2024-11-21 11:11 |
2023-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282596
|
9.8 |
CRITICAL
Network
|
redhat
|
ansible
|
Multiple argument injection vulnerabilities in Ansible before 1.6.7 allow remote attackers to execute arbitrary code by leveraging access to an Ansible managed host and providing a crafted fact, as d…
|
CWE-74
Injection
|
CVE-2014-4967
|
2024-11-21 11:11 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282597
|
9.8 |
CRITICAL
Network
|
redhat
|
ansible
|
Ansible before 1.6.7 does not prevent inventory data with "{{" and "lookup" substrings, and does not prevent remote data with "{{" substrings, which allows remote attackers to execute arbitrary code …
|
CWE-74
Injection
|
CVE-2014-4966
|
2024-11-21 11:11 |
2020-02-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282598
|
9.8 |
CRITICAL
Network
|
xorux
|
lpar2rrd
|
LPAR2RRD in 3.5 and earlier allows remote attackers to execute arbitrary commands due to insufficient input sanitization of the web GUI parameters.
|
CWE-78
OS Command
|
CVE-2014-4981
|
2024-11-21 11:11 |
2020-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282599
|
8.8 |
HIGH
Network
|
boatmob
|
boat_browser
|
The WebView class and use of the WebView.addJavascriptInterface method in the Boat Browser application 8.0 and 8.0.1 for Android allow remote attackers to execute arbitrary code via a crafted web sit…
|
NVD-CWE-noinfo
|
CVE-2014-4968
|
2024-11-21 11:11 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282600
|
8.8 |
HIGH
Network
|
sphider
sphider-plus
sphiderpro
|
sphider
sphider-plus
sphider_pro
|
A Command Execution vulnerability exists in Sphider Pro, and Sphider Plus 3.2 due to insufficient sanitization of fwrite to conf.php, which could let a remote malicious user execute arbitrary code. C…
|
CWE-74
Injection
|
CVE-2014-5086
|
2024-11-21 11:11 |
2020-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
