|
290921
|
- |
|
herry
|
sfpagent
|
lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.
|
NVD-CWE-Other
|
CVE-2014-2888
|
2024-11-21 11:07 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290922
|
- |
|
samba
|
rsync
|
The check_secret function in authenticate.c in rsync 3.1.0 and earlier allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a user name which does not exist in…
|
CWE-20
Improper Input Validation
|
CVE-2014-2855
|
2024-11-21 11:07 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290923
|
- |
|
yassl
|
cyassl
|
wolfSSL CyaSSL before 2.9.4 allows remote attackers to cause a denial of service (NULL pointer dereference) via (1) a request for the peer certificate when a certificate parsing failure occurs or (2)…
|
CWE-20
Improper Input Validation
|
CVE-2014-2899
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290924
|
- |
|
yassl
|
cyassl
|
wolfSSL CyaSSL before 2.9.4 does not properly validate X.509 certificates with unknown critical extensions, which allows man-in-the-middle attackers to spoof servers via crafted X.509 certificate.
|
CWE-310
Cryptographic Issues
|
CVE-2014-2900
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290925
|
- |
|
libmms_project
|
libmms
|
Heap-based buffer overflow in the get_answer function in mmsh.c in libmms before 0.6.4 allows remote attackers to execute arbitrary code via a long line in an MMS over HTTP (MMSH) server response.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-2892
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290926
|
- |
|
siege
|
phpmyid
|
Cross-site scripting (XSS) vulnerability in the wrap_html function in MyID.php in phpMyID 0.9 allows remote attackers to inject arbitrary web script or HTML via the openid_error parameter to MyID.con…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2890
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290927
|
- |
|
t-mobile
asus
|
tm-ac1900
rt-ac68u_firmware
rt-ac68u
|
Cross-site scripting (XSS) vulnerability in Advanced_Wireless_Content.asp in ASUS RT-AC68U and other RT series routers with firmware before 3.0.0.4.374.5047 allows remote attackers to inject arbitrar…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2925
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290928
|
- |
|
pimcore
|
pimcore
|
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.1.0 does not properly handle an object obtained by unserializing a pathname, which all…
|
CWE-20
Improper Input Validation
|
CVE-2014-2922
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290929
|
- |
|
pimcore
|
pimcore
|
The getObjectByToken function in Newsletter.php in the Pimcore_Tool_Newsletter module in pimcore 1.4.9 through 2.0.0 does not properly handle an object obtained by unserializing Lucene search data, w…
|
CWE-94
Code Injection
|
CVE-2014-2921
|
2024-11-21 11:07 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290930
|
- |
|
apple
|
cups
|
Cross-site scripting (XSS) vulnerability in scheduler/client.c in Common Unix Printing System (CUPS) before 1.7.2 allows remote attackers to inject arbitrary web script or HTML via the URL path, rela…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2856
|
2024-11-21 11:07 |
2014-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
