|
290641
|
- |
|
orbitscripts
|
orbit_open_ad_server
|
SQL injection vulnerability in OrbitScripts Orbit Open Ad Server before 1.1.1 allows remote attackers to execute arbitrary SQL commands via the site_directory_sort_field parameter to guest/site_direc…
|
CWE-89
SQL Injection
|
CVE-2014-2540
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290642
|
- |
|
marcel_brinkkemper
|
lazyest-gallery
|
Cross-site scripting (XSS) vulnerability in the Lazyest Gallery plugin before 1.1.21 for WordPress allows remote attackers to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of these…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2333
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290643
|
- |
|
tigase
|
tigase
|
net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2746
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290644
|
- |
|
prosody
|
prosody
|
Prosody before 0.9.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP stream,…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2745
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290645
|
- |
|
lightwitch
prosody
|
metronome
prosody
|
plugins/mod_compression.lua in (1) Prosody before 0.9.4 and (2) Lightwitch Metronome through 3.4 negotiates stream compression while a session is unauthenticated, which allows remote attackers to cau…
|
CWE-20
Improper Input Validation
|
CVE-2014-2744
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290646
|
- |
|
lightwitch
|
metronome
|
plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resou…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2743
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290647
|
- |
|
isode
|
m-link
|
Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP s…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2742
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290648
|
- |
|
igniterealtime
|
openfire
|
nio/XMLLightweightParser.java in Ignite Realtime Openfire before 3.9.2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2741
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290649
|
- |
|
sap
|
business_object_processing_framework_for_abap
|
SAP Business Object Processing Framework (BOPF) for ABAP has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-2752
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290650
|
- |
|
sap
|
print_and_output_management
|
SAP Print and Output Management has hardcoded credentials, which makes it easier for remote attackers to obtain access via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2014-2751
|
2024-11-21 11:06 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
