|
284711
|
- |
|
facebook
|
hiphop_virtual_machine
|
Cross-site scripting (XSS) vulnerability in the WddxPacket::recursiveAddVar function in HHVM (aka the HipHop Virtual Machine) before 3.5.0 allows remote attackers to inject arbitrary web script or HT…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9714
|
2024-11-21 11:21 |
2015-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284712
|
- |
|
openldap
debian
|
openldap
debian_linux
|
The default slapd configuration in the Debian openldap package 2.4.23-3 through 2.4.39-1.1 allows remote authenticated users to modify the user's permissions and other user attributes via unspecified…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9713
|
2024-11-21 11:21 |
2015-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284713
|
- |
|
oracle
embedthis
juniper
|
enterprise_communications_broker
appweb
junos
|
Embedthis Appweb before 4.6.6 and 5.x before 5.2.1 allows remote attackers to cause a denial of service (NULL pointer dereference) via a Range header with an empty value, as demonstrated by "Range: x…
|
CWE-476
NULL Pointer Dereference
|
CVE-2014-9708
|
2024-11-21 11:21 |
2015-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284714
|
- |
|
embedthis
|
goahead
|
EmbedThis GoAhead 3.0.0 through 3.4.1 does not properly handle path segments starting with a . (dot), which allows remote attackers to conduct directory traversal attacks, cause a denial of service (…
|
CWE-17
Code
|
CVE-2014-9707
|
2024-11-21 11:21 |
2015-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284715
|
- |
|
debian
dulwich_project
|
debian_linux
dulwich
|
The build_index_from_tree function in index.py in Dulwich before 0.9.9 allows remote attackers to execute arbitrary code via a commit with a directory path starting with .git/, which is not properly …
|
CWE-19
Data Processing Errors
|
CVE-2014-9706
|
2024-11-21 11:21 |
2015-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284716
|
- |
|
php
opensuse
libgd
debian
canonical
|
php
opensuse
libgd
debian_linux
ubuntu_linux
|
The GetCode_ function in gd_gif_in.c in GD 2.1.1 and earlier, as used in PHP before 5.5.21 and 5.6.x before 5.6.5, allows remote attackers to cause a denial of service (buffer over-read and applicati…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9709
|
2024-11-21 11:21 |
2015-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284717
|
- |
|
php
|
php
|
Heap-based buffer overflow in the enchant_broker_request_dict function in ext/enchant/enchant.c in PHP before 5.4.38, 5.5.x before 5.5.22, and 5.6.x before 5.6.6 allows remote attackers to execute ar…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9705
|
2024-11-21 11:21 |
2015-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284718
|
- |
|
file_project
php
debian
|
file
php
debian_linux
|
readelf.c in file before 5.22, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not consider that pread calls sometimes read only a subset of …
|
CWE-20
Improper Input Validation
|
CVE-2014-9653
|
2024-11-21 11:21 |
2015-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284719
|
- |
|
php
file_project
|
php
file
|
The mconvert function in softmagic.c in file before 5.21, as used in the Fileinfo component in PHP before 5.4.37, 5.5.x before 5.5.21, and 5.6.x before 5.6.5, does not properly handle a certain strin…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9652
|
2024-11-21 11:21 |
2015-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284720
|
- |
|
websense
|
v-series_appliances
|
Websense TRITON V-Series appliances before 7.8.3 Hotfix 03 and 7.8.4 before Hotfix 01 allow remote administrators to read arbitrary files and obtain passwords via a crafted path.
|
CWE-200
Information Exposure
|
CVE-2014-9712
|
2024-11-21 11:21 |
2015-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
