258081
|
- |
|
caldera
|
caldera
|
costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.
|
CWE-78
OS Command
|
CVE-2014-2935
|
2014-05-16 13:26 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258082
|
- |
|
caldera
|
caldera
|
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified …
|
CWE-94
Code Injection
|
CVE-2014-2936
|
2014-05-16 13:26 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258083
|
- |
|
sixnet
|
sixview_manager
|
Directory traversal vulnerability in Sixnet SixView Manager 2.4.1 allows remote attackers to read arbitrary files via a .. (dot dot) in an HTTP GET request to TCP port 18081.
|
CWE-22
Path Traversal
|
CVE-2014-2976
|
2014-05-16 13:26 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258084
|
- |
|
open_assessment_technologies_
|
tao
|
Cross-site request forgery (CSRF) vulnerability in Open Assessment Technologies TAO 2.5.6 allows remote attackers to hijack the authentication of administrators for requests that create administrativ…
|
CWE-352
Origin Validation Error
|
CVE-2014-2989
|
2014-05-16 13:26 |
2014-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258085
|
- |
|
adobe
|
acrobat_reader
|
Heap-based buffer overflow in Adobe Reader 11.0.06 allows remote attackers to execute arbitrary code via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0511
|
2014-05-16 13:24 |
2014-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258086
|
- |
|
adobe
|
acrobat_reader
|
Adobe Reader 11.0.06 allows attackers to bypass a PDF sandbox protection mechanism via unspecified vectors, as demonstrated by VUPEN during a Pwn2Own competition at CanSecWest 2014.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0512
|
2014-05-16 13:24 |
2014-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258087
|
- |
|
disk_pool_manager_project
|
disk_pool_manager
|
Multiple SQL injection vulnerabilities in LCG Disk Pool Manager (DPM) before 1.8.6, as used in EGI UDM, allow remote attackers to execute arbitrary SQL commands via the (1) r_token variable in the dp…
|
CWE-89
SQL Injection
|
CVE-2011-4970
|
2014-05-16 12:58 |
2014-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258088
|
- |
|
phppgadmin
|
phppgadmin
|
Multiple cross-site scripting (XSS) vulnerabilities in phpPgAdmin before 5.0.3 allow remote attackers to inject arbitrary web script or HTML via (1) a web page title, related to classes/Misc.php; or …
|
CWE-79
Cross-site Scripting
|
CVE-2011-3598
|
2014-05-16 12:56 |
2011-10-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258089
|
- |
|
videolan
|
vlc_media_player
|
codec\libpng_plugin.dll in VideoLAN VLC Media Player 2.1.3 allows remote attackers to cause a denial of service (crash) via a crafted .png file, as demonstrated by a png in a .wave file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3441
|
2014-05-16 03:58 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258090
|
- |
|
jetaudio
|
jetaudio
|
JetMPAd.ax in JetAudio 8.1.1 and earlier allows remote attackers to cause a denial of service (crash) via a crafted .ogg file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3443
|
2014-05-16 03:55 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|