257701
|
- |
|
qnap
|
ts-469u_firmware ts-469u ts-ec1679u-rp_firmware ts-ec1679u-rp ts-459u_firmware ts-459u ss-839_firmware ss-839
|
QNAP TS-469U with firmware 4.0.7 Build 20140410, TS-459U, TS-EC1679U-RP, and SS-839 use world-readable permissions for /etc/config/shadow, which allows local users to obtain usernames and hashed pass…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5457
|
2014-08-27 02:21 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257702
|
- |
|
ubi
|
uplay_pc
|
Ubisoft Uplay PC before 4.6.1.3217 use weak permissions (Everyone: Full Control) for the program installation directory (%PROGRAMFILES%\Ubisoft Game Launcher), which allows local users to gain privil…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5453
|
2014-08-27 00:16 |
2014-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257703
|
- |
|
bssys
|
rbs_bs-client
|
Multiple SQL injection vulnerabilities in Bank Soft Systems (BSS) RBS BS-Client 3.17.9 allow remote attackers to execute arbitrary SQL commands via the (1) CARDS or (2) XACTION parameter.
|
CWE-89
SQL Injection
|
CVE-2014-4197
|
2014-08-23 02:12 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257704
|
- |
|
binarymoon
|
timthumb
|
Cross-site scripting (XSS) vulnerability in the displayError function in timthumb.php in TimThumb before 1.15 (r85), as used in multiple products, allows remote attackers to inject arbitrary web scri…
|
CWE-79
Cross-site Scripting
|
CVE-2010-5303
|
2014-08-22 23:18 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257705
|
- |
|
binarymoon
|
timthumb
|
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb before 1.15 as of 20100908 (r88), as used in multiple products, allows remote attackers to inject arbitrary web script or HTML via…
|
CWE-79
Cross-site Scripting
|
CVE-2010-5302
|
2014-08-22 22:29 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257706
|
- |
|
binarymoon prothemedesign
|
timthumb mimbo_pro
|
Cross-site scripting (XSS) vulnerability in timthumb.php in TimThumb 1.09 and earlier, as used in Mimbo Pro 2.3.1 and other products, allows remote attackers to inject arbitrary web script or HTML vi…
|
CWE-79
Cross-site Scripting
|
CVE-2009-5142
|
2014-08-22 22:25 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257707
|
- |
|
freebsd netbsd
|
freebsd netbsd
|
The VIQR module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (out-of-bounds array access) via a crafted argument to…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-5384
|
2014-08-22 08:16 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257708
|
- |
|
freebsd netbsd
|
freebsd netbsd
|
The HZ module in the iconv implementation in FreeBSD 10.0 before p6 and NetBSD allows context-dependent attackers to cause a denial of service (NULL pointer dereference) via a crafted argument to the…
|
NVD-CWE-Other
|
CVE-2014-3951
|
2014-08-22 08:14 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257709
|
- |
|
freebsd netbsd
|
freebsd netbsd
|
<a href="http://cwe.mitre.org/data/definitions/476.html" target="_blank">CWE-476: NULL Pointer Dereference</a>
|
NVD-CWE-Other
|
CVE-2014-3951
|
2014-08-22 08:14 |
2014-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257710
|
- |
|
alienvault
|
open_source_security_information_management
|
The av-centerd SOAP service in AlienVault OSSIM before 4.7.0 allows remote attackers to execute arbitrary commands via a crafted (1) remote_task or (2) get_license request, a different vulnerability …
|
CWE-94
Code Injection
|
CVE-2014-5210
|
2014-08-22 01:57 |
2014-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|