|
290371
|
- |
|
sixnet
|
sixview_manager
|
Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.
|
CWE-22
Path Traversal
|
CVE-2014-2976
|
2024-11-21 11:07 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290372
|
- |
|
qemu
|
qemu
|
Off-by-one error in the cmd_smart function in the smart self test in hw/ide/core.c in QEMU before 2.0 allows local users to have unspecified impact via a SMART EXECUTE OFFLINE command that triggers a…
|
CWE-189
Numeric Errors
|
CVE-2014-2894
|
2024-11-21 11:07 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290373
|
- |
|
opensuse
llvm
|
opensuse
clang
|
The GetHTMLRunDir function in the scan-build utility in Clang 3.5 and earlier allows local users to obtain sensitive information or overwrite arbitrary files via a symlink attack on temporary directo…
|
CWE-59
Link Following
|
CVE-2014-2893
|
2024-11-21 11:07 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290374
|
- |
|
herry
|
sfpagent
|
lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.
|
NVD-CWE-Other
|
CVE-2014-2888
|
2024-11-21 11:07 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290375
|
- |
|
samba
|
rsync
|
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in…
|
CWE-20
Improper Input Validation
|
CVE-2014-2855
|
2024-11-21 11:07 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290376
|
- |
|
yassl
|
cyassl
|
wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2)…
|
CWE-20
Improper Input Validation
|
CVE-2014-2899
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290377
|
- |
|
yassl
|
cyassl
|
wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.
|
CWE-310
Cryptographic Issues
|
CVE-2014-2900
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290378
|
- |
|
libmms_project
|
libmms
|
Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-2892
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290379
|
- |
|
siege
|
phpmyid
|
Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.con…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2890
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290380
|
- |
|
t-mobile
asus
|
tm-ac1900
rt-ac68u_firmware
rt-ac68u
|
Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrar…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2925
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
