|
285171
|
- |
|
gnu
debian
|
cpio
debian_linux
|
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9112
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285172
|
- |
|
filefield_project
|
filefield
|
The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read pr…
|
CWE-200
Information Exposure
|
CVE-2014-9156
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285173
|
- |
|
avatar_uploader_project
|
avatar_uploader
|
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (…
|
CWE-22
Path Traversal
|
CVE-2014-9155
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285174
|
- |
|
notify_project
|
notify
|
The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titl…
|
CWE-200
Information Exposure
|
CVE-2014-9154
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285175
|
- |
|
services_project
|
services
|
Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter …
|
CWE-79
Cross-site Scripting
|
CVE-2014-9153
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285176
|
- |
|
services_project
|
services
|
The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess …
|
CWE-255
Credentials Management
|
CVE-2014-9152
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285177
|
- |
|
services_project
|
services
|
The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attac…
|
CWE-284
Improper Access Control
|
CVE-2014-9151
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285178
|
- |
|
mageia
debian
gnupg
canonical
|
mageia
debian_linux
libksba
ubuntu_linux
gnupg
|
Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to cause a denial of service (crash) via a crafted OID in a (1) S/MIME message or …
|
CWE-191
Integer Underflow (Wrap or Wraparound)
|
CVE-2014-9087
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285179
|
- |
|
clamav
|
clamav
|
Heap-based buffer overflow in the cli_scanpe function in libclamav/pe.c in ClamAV before 0.98.5 allows remote attackers to cause a denial of service (crash) via a crafted y0da Crypter PE file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9050
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285180
|
- |
|
phpmyadmin
opensuse
|
phpmyadmin
opensuse
|
Directory traversal vulnerability in libraries/error_report.lib.php in the error-reporting feature in phpMyAdmin 4.1.x before 4.1.14.7 and 4.2.x before 4.2.12 allows remote authenticated users to obt…
|
CWE-22
Path Traversal
|
CVE-2014-8961
|
2024-11-21 11:20 |
2014-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
