|
284631
|
- |
|
google
|
android
|
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8610
|
2024-11-21 11:19 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284632
|
- |
|
google
|
android
|
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8609
|
2024-11-21 11:19 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284633
|
- |
|
google
|
android
|
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow rem…
|
CWE-89
SQL Injection
|
CVE-2014-8507
|
2024-11-21 11:19 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284634
|
- |
|
k7computing
|
k7av_sentry_device_driver
|
The K7Sentry.sys kernel mode driver (aka K7AV Sentry Device Driver) before 12.8.0.119, as used in multiple K7 Computing products, allows local users to cause a denial of service (NULL pointer derefer…
|
NVD-CWE-Other
|
CVE-2014-8608
|
2024-11-21 11:19 |
2014-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284635
|
- |
|
bittorrent
|
bittorrent
|
The web interface in BitTorrent allows remote attackers to execute arbitrary commands by leveraging knowledge of the pairing values and a crafted request to port 10000.
|
CWE-77
Command Injection
|
CVE-2014-8515
|
2024-11-21 11:19 |
2014-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284636
|
- |
|
pingidentity
|
pingfederate
|
Open redirect vulnerability in startSSO.ping in the SP Endpoints in Ping Identity PingFederate 6.10.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via…
|
NVD-CWE-Other
|
CVE-2014-8489
|
2024-11-21 11:19 |
2014-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284637
|
- |
|
mozilla
|
firefox
seamonkey
|
The structured-clone implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 does not properly interact with XrayWrapper property filtering, which allows remote attackers to bypass in…
|
CWE-284
Improper Access Control
|
CVE-2014-8632
|
2024-11-21 11:19 |
2014-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284638
|
- |
|
mozilla
|
firefox
seamonkey
|
The Chrome Object Wrapper (COW) implementation in Mozilla Firefox before 34.0 and SeaMonkey before 2.31 supports native-interface passing, which allows remote attackers to bypass intended DOM object …
|
CWE-284
Improper Access Control
|
CVE-2014-8631
|
2024-11-21 11:19 |
2014-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284639
|
- |
|
isc
|
bind
|
The GeoIP functionality in ISC BIND 9.10.0 through 9.10.1 allows remote attackers to cause a denial of service (assertion failure and named exit) via vectors related to (1) the lack of GeoIP database…
|
CWE-20
CWE-284
Improper Input Validation
Improper Access Control
|
CVE-2014-8680
|
2024-11-21 11:19 |
2014-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284640
|
- |
|
nlnetlabs
canonical
debian
|
unbound
ubuntu_linux
debian_linux
|
iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite numbe…
|
CWE-399
Resource Management Errors
|
CVE-2014-8602
|
2024-11-21 11:19 |
2014-12-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
