|
292411
|
- |
|
openssl
|
openssl
|
d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (memory consumption) via crafte…
|
CWE-399
Resource Management Errors
|
CVE-2014-3506
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292412
|
- |
|
openssl
|
openssl
|
Double free vulnerability in d1_both.c in the DTLS implementation in OpenSSL 0.9.8 before 0.9.8zb, 1.0.0 before 1.0.0n, and 1.0.1 before 1.0.1i allows remote attackers to cause a denial of service (a…
|
NVD-CWE-Other
|
CVE-2014-3505
|
2024-11-21 11:08 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292413
|
- |
|
pyplate
|
pyplate
|
Directory traversal vulnerability in download.py in Pyplate 0.08 allows remote attackers to read arbitrary files via a .. (dot dot) in the filename parameter.
|
CWE-22
Path Traversal
|
CVE-2014-3855
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292414
|
- |
|
pyplate
|
pyplate
|
Cross-site request forgery (CSRF) vulnerability in admin/addScript.py in Pyplate 0.08 allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scrip…
|
CWE-352
Origin Validation Error
|
CVE-2014-3854
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292415
|
- |
|
pyplate
|
pyplate
|
Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http sess…
|
CWE-200
Information Exposure
|
CVE-2014-3853
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292416
|
- |
|
pyplate
|
pyplate
|
Pyplate 0.08 does not include the HTTPOnly flag in a Set-Cookie header for the id cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to t…
|
CWE-200
Information Exposure
|
CVE-2014-3852
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292417
|
- |
|
pyplate
|
pyplate
|
usr/lib/cgi-bin/create_passwd_file.py in Pyplate 0.08 uses world-readable permissions for passwd.db, which allows local users to obtain the administrator password by reading this file.
|
CWE-200
Information Exposure
|
CVE-2014-3851
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292418
|
- |
|
xbmc
|
xbmc
|
XBMC 13.0 uses world-readable permissions for .xbmc/userdata/sources.xml, which allows local users to obtain user names and passwords by reading this file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3800
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292419
|
- |
|
teampass
|
teampass
|
Multiple cross-site scripting (XSS) vulnerabilities in items.php in TeamPass before 2.1.20 allow remote attackers to inject arbitrary web script or HTML via the group parameter, which is not properly…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3774
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292420
|
- |
|
teampass
|
teampass
|
Multiple SQL injection vulnerabilities in TeamPass before 2.1.20 allow remote attackers to execute arbitrary SQL commands via the login parameter in a (1) send_pw_by_email or (2) generate_new_passwor…
|
CWE-89
SQL Injection
|
CVE-2014-3773
|
2024-11-21 11:08 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
