258471
|
- |
|
sophos
|
web_appliance_firmware web_appliance
|
The network interface configuration page (netinterface) in Sophos Web Appliance before 3.8.2 allows remote administrators to execute arbitrary commands via shell metacharacters in the address paramet…
|
CWE-78
OS Command
|
CVE-2014-2850
|
2014-04-15 00:38 |
2014-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258472
|
- |
|
tenable
|
nessus plugin-set
|
A race condition in the wmi_malware_scan.nbin plugin before 201402262215 for Nessus 5.2.1 allows local users to gain privileges by replacing the dissolvable agent executable in the Windows temp direc…
|
CWE-362
Race Condition
|
CVE-2014-2848
|
2014-04-15 00:21 |
2014-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258473
|
- |
|
construtiva
|
cis_manager_cms
|
SQL injection vulnerability in default.asp in CIS Manager CMS allows remote attackers to execute arbitrary SQL commands via the TroncoID parameter.
|
CWE-89
SQL Injection
|
CVE-2014-2847
|
2014-04-15 00:15 |
2014-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258474
|
- |
|
snilesh
|
content_slide
|
Cross-site request forgery (CSRF) vulnerability in the Content Slide plugin 1.4.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plugin …
|
CWE-352
Origin Validation Error
|
CVE-2013-2708
|
2014-04-14 21:52 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258475
|
- |
|
rodrigo_polo
|
stream_video_player
|
Cross-site request forgery (CSRF) vulnerability in the Stream Video Player plugin 1.4.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change p…
|
CWE-352
Origin Validation Error
|
CVE-2013-2706
|
2014-04-14 20:13 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258476
|
- |
|
isode
|
m-link
|
Isode M-Link before 16.0v7 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a crafted XMPP s…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2742
|
2014-04-12 04:49 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258477
|
- |
|
erlang-solutions
|
mongooseim
|
Erlang Solutions MongooseIM through 1.3.1 rev. 2 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2829
|
2014-04-12 04:45 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258478
|
- |
|
tigase
|
tigase
|
net/IOService.java in Tigase before 5.2.1 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resource consumption) via a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2746
|
2014-04-12 04:39 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258479
|
- |
|
lightwitch
|
metronome
|
plugins/mod_compression.lua in Lightwitch Metronome through 3.4 does not properly restrict the processing of compressed XML elements, which allows remote attackers to cause a denial of service (resou…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2743
|
2014-04-12 04:36 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258480
|
- |
|
sap
|
enterprise_portal
|
SAP Enterprise Portal does not properly restrict access to the Federation configuration pages, which allows remote attackers to gain privileges via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7367
|
2014-04-12 03:19 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|