|
257741
|
- |
|
caldera
|
caldera
|
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified …
|
CWE-94
Code Injection
|
CVE-2014-2936
|
2014-05-16 13:26 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257742
|
- |
|
sixnet
|
sixview_manager
|
Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.
|
CWE-22
Path Traversal
|
CVE-2014-2976
|
2014-05-16 13:26 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257743
|
- |
|
open_assessment_technologies_
|
tao
|
Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote attackers to hijack the authentication of administrators for requests that create administrativ…
|
CWE-352
Origin Validation Error
|
CVE-2014-2989
|
2014-05-16 13:26 |
2014-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257744
|
- |
|
adobe
|
acrobat_reader
|
Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0511
|
2014-05-16 13:24 |
2014-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257745
|
- |
|
adobe
|
acrobat_reader
|
Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0512
|
2014-05-16 13:24 |
2014-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257746
|
- |
|
disk_pool_manager_project
|
disk_pool_manager
|
Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dp…
|
CWE-89
SQL Injection
|
CVE-2011-4970
|
2014-05-16 12:58 |
2014-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257747
|
- |
|
phppgadmin
|
phppgadmin
|
Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or …
|
CWE-79
Cross-site Scripting
|
CVE-2011-3598
|
2014-05-16 12:56 |
2011-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257748
|
- |
|
videolan
|
vlc_media_player
|
codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3441
|
2014-05-16 03:58 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257749
|
- |
|
jetaudio
|
jetaudio
|
JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3443
|
2014-05-16 03:55 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257750
|
- |
|
openx
|
openx
|
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by r…
|
CWE-352
Origin Validation Error
|
CVE-2013-7376
|
2014-05-16 00:00 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
