|
286971
|
- |
|
tenda
|
a5s_firmware
a5s
|
The Shenzhen Tenda Technology Tenda A5s router with firmware 3.02.05_CN allows remote attackers to bypass authentication and gain administrator access by setting the admin:language cookie to zh-cn.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5246
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286972
|
- |
|
opensuse
xen
|
opensuse
xen
|
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x, when using shadow pagetables, are not preemptible, which allows local HVM guest to cause a denial of service (vcpu consumption) by in…
|
CWE-399
Resource Management Errors
|
CVE-2014-5149
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286973
|
- |
|
opensuse
xen
|
opensuse
xen
|
Certain MMU virtualization operations in Xen 4.2.x through 4.4.x before the xsa97-hap patch, when using Hardware Assisted Paging (HAP), are not preemptible, which allows local HVM guest to cause a de…
|
CWE-399
Resource Management Errors
|
CVE-2014-5146
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286974
|
- |
|
esri
|
arcgis_server
|
Open redirect vulnerability in ESRI ArcGIS for Server 10.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via an unspecified parameter, related to log…
|
NVD-CWE-Other
|
CVE-2014-5122
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286975
|
- |
|
esri
|
arcgis_server
|
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1.1 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
|
CWE-79
Cross-site Scripting
|
CVE-2014-5121
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286976
|
- |
|
freereprintables
|
articlefr
|
Multiple SQL injection vulnerabilities in Free Reprintables ArticleFR 3.0.4 and earlier allow remote attackers to execute arbitrary SQL commands via the id parameter in a (1) get or (2) set action to…
|
CWE-89
SQL Injection
|
CVE-2014-5097
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286977
|
- |
|
phpmyadmin
opensuse
|
phpmyadmin
opensuse
|
Cross-site scripting (XSS) vulnerability in the view operations page in phpMyAdmin 4.1.x before 4.1.14.3 and 4.2.x before 4.2.7.1 allows remote authenticated users to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5274
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286978
|
- |
|
phpmyadmin
|
phpmyadmin
|
Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web scrip…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5273
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286979
|
- |
|
shopizer
|
shopizer
|
com/salesmanager/central/profile/ProfileAction.java in Shopizer 1.1.5 and earlier does not restrict the number of authentication attempts, which makes it easier for remote attackers to guess password…
|
CWE-287
Improper Authentication
|
CVE-2014-5385
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286980
|
- |
|
freebsd
netbsd
|
freebsd
netbsd
|
The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5384
|
2024-11-21 11:11 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
