|
286891
|
- |
|
moodle
|
moodle
|
The forum_print_latest_discussions function in mod/forum/lib.php in Moodle through 2.4.11, 2.5.x before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2 allows remote authenticated users to bypass t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3617
|
2024-11-21 11:08 |
2014-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286892
|
- |
|
spiceworks
|
spiceworks
|
Cross-site scripting (XSS) vulnerability in SpiceWorks before 7.2.00195 allows remote authenticated users to inject arbitrary web script or HTML via the Summary field in a ticket request to the porta…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3740
|
2024-11-21 11:08 |
2014-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286893
|
- |
|
squid-cache
|
squid
|
HttpHdrRange.cc in Squid 3.x before 3.3.12 and 3.4.x before 3.4.6 allows remote attackers to cause a denial of service (crash) via a request with crafted "Range headers with unidentifiable byte-range…
|
CWE-20
Improper Input Validation
|
CVE-2014-3609
|
2024-11-21 11:08 |
2014-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286894
|
- |
|
procmail
canonical
|
procmail
ubuntu_linux
|
Heap-based buffer overflow in formisc.c in formail in procmail 3.22 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted email header, relate…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3618
|
2024-11-21 11:08 |
2014-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286895
|
- |
|
apache
|
poi
|
Apache POI before 3.10.1 and 3.11.x before 3.11-beta2 allows remote attackers to cause a denial of service (CPU consumption and crash) via a crafted OOXML file, aka an XML Entity Expansion (XEE) atta…
|
NVD-CWE-Other
|
CVE-2014-3574
|
2024-11-21 11:08 |
2014-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286896
|
- |
|
apache
|
poi
|
The OPC SAX setup in Apache POI before 3.10.1 allows remote attackers to read arbitrary files via an OpenXML file containing an XML external entity declaration in conjunction with an entity reference…
|
NVD-CWE-Other
|
CVE-2014-3529
|
2024-11-21 11:08 |
2014-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286897
|
- |
|
opensuse
suse
canonical
linux
|
evergreen
linux_enterprise_server
linux_enterprise_real_time_extension
suse_linux_enterprise_server
ubuntu_linux
linux_kernel
|
The kvm_iommu_map_pages function in virt/kvm/iommu.c in the Linux kernel through 3.16.1 miscalculates the number of pages during the handling of a mapping failure, which allows guest OS users to (1) …
|
CWE-189
Numeric Errors
|
CVE-2014-3601
|
2024-11-21 11:08 |
2014-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286898
|
- |
|
apache
|
axis
|
The getCN function in Apache Axis 1.4 and earlier does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certif…
|
NVD-CWE-Other
|
CVE-2014-3596
|
2024-11-21 11:08 |
2014-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286899
|
- |
|
redhat
apache
libreoffice
|
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
openoffice
libreoffice
|
The OLE preview generation in Apache OpenOffice before 4.1.1 and OpenOffice.org (OOo) might allow remote attackers to embed arbitrary data into documents via crafted OLE objects.
|
CWE-200
Information Exposure
|
CVE-2014-3575
|
2024-11-21 11:08 |
2014-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286900
|
- |
|
apache
libreoffice
|
openoffice
libreoffice
|
Apache OpenOffice before 4.1.1 allows remote attackers to execute arbitrary commands and possibly have other unspecified impact via a crafted Calc spreadsheet.
|
CWE-77
Command Injection
|
CVE-2014-3524
|
2024-11-21 11:08 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
