|
256731
|
- |
|
bananadance
|
banana_dance
|
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5243
|
2014-10-25 02:26 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256732
|
- |
|
samsung
|
findmymobile
mobile
|
The Remote Controls feature on Samsung mobile devices does not validate the source of lock-code data received over a network, which makes it easier for remote attackers to cause a denial of service (…
|
CWE-94
Code Injection
|
CVE-2014-8346
|
2014-10-24 23:24 |
2014-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256733
|
- |
|
centrify
|
directcontrol
centrify_suite
|
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7298
|
2014-10-24 23:00 |
2014-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256734
|
- |
|
tenda
|
a32_firmware
a32
|
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for reque…
|
CWE-352
Origin Validation Error
|
CVE-2014-7281
|
2014-10-24 22:02 |
2014-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256735
|
- |
|
tim_rohrer
|
wordpress_spreadsheet_plugin
|
Cross-site scripting (XSS) vulnerability in ss_handler.php in the WordPress Spreadsheet (wpSS) plugin 0.62 for WordPress allows remote attackers to inject arbitrary web script or HTML via the ss_id p…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8364
|
2014-10-24 21:58 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256736
|
- |
|
tomatocart
|
tomatocart
|
SQL injection vulnerability in TomatoCart 1.1.8.6.1 allows remote authenticated users to execute arbitrary SQL commands via the First Name and Last Name fields in a new address book contact.
|
CWE-89
SQL Injection
|
CVE-2014-3978
|
2014-10-24 21:53 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256737
|
- |
|
tomatocart
|
tomatocart
|
Cross-site scripting (XSS) vulnerability in info.php in TomatoCart 1.1.8.6.1 allows remote attackers to inject arbitrary web script or HTML via the faqs_id parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3830
|
2014-10-24 21:52 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256738
|
- |
|
xornic
|
contact_us
|
Multiple cross-site scripting (XSS) vulnerabilities in Xornic Contact Us allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) email parameter to contact.php or (3) PA…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8365
|
2014-10-24 21:51 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256739
|
- |
|
oracle
|
database_server
|
Unspecified vulnerability in the SQLJ component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality via unknown …
|
NVD-CWE-noinfo
|
CVE-2014-6452
|
2014-10-24 16:28 |
2014-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
256740
|
- |
|
oracle
|
database_server
|
Unspecified vulnerability in the JPublisher component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, 12.1.0.1, and 12.1.0.2 allows remote authenticated users to affect confidentiality, integ…
|
NVD-CWE-noinfo
|
CVE-2014-6546
|
2014-10-24 16:28 |
2014-10-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
