258921
|
- |
|
cipherdyne
|
fwsnort
|
Untrusted search path vulnerability in fwsnort before 1.6.4, when not running as root, allows local users to execute arbitrary code via a Trojan horse fwsnort.conf in the current working directory.
|
NVD-CWE-Other
|
CVE-2014-0039
|
2014-02-21 14:06 |
2014-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258922
|
- |
|
cipherdyne
|
fwsnort
|
Per: http://cwe.mitre.org/data/definitions/426.html
"CWE-426: Untrusted Search Path"
|
NVD-CWE-Other
|
CVE-2014-0039
|
2014-02-21 14:06 |
2014-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258923
|
- |
|
ge
|
intelligent_platforms_proficy_hmi\%2fscada_cimplicity intelligent_platforms_proficy_hmi\/scada_cimplicity intelligent_platforms_proficy_process_systems_with_cimplicity
|
Directory traversal vulnerability in gefebt.exe in the WebView CimWeb components in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY through 8.2 SIM 24, and Proficy Process Systems with CIMPLI…
|
CWE-22
Path Traversal
|
CVE-2014-0750
|
2014-02-21 14:06 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258924
|
- |
|
ge
|
intelligent_platforms_proficy_hmi\%2fscada_cimplicity intelligent_platforms_proficy_hmi\/scada_cimplicity intelligent_platforms_proficy_process_systems_with_cimplicity
|
Directory traversal vulnerability in CimWebServer.exe (aka the WebView component) in GE Intelligent Platforms Proficy HMI/SCADA - CIMPLICITY before 8.2 SIM 24, and Proficy Process Systems with CIMPLI…
|
CWE-22
Path Traversal
|
CVE-2014-0751
|
2014-02-21 14:06 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258925
|
- |
|
3s-software
|
codesys_runtime_toolkit
|
Smart Software Solutions (3S) CoDeSys Runtime Toolkit before 2.4.7.44 allows remote attackers to cause a denial of service (NULL pointer dereference and application crash) via unspecified vectors.
|
CWE-399
Resource Management Errors
|
CVE-2014-0757
|
2014-02-21 14:06 |
2014-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258926
|
- |
|
phpmyfaq
|
phpmyfaq
|
Cross-site scripting (XSS) vulnerability in phpMyFAQ before 2.8.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-0814
|
2014-02-21 14:06 |
2014-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258927
|
- |
|
drupal
|
drupal
|
The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2014-1475
|
2014-02-21 14:06 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258928
|
- |
|
drupal
|
drupal
|
The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to ob…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1476
|
2014-02-21 14:06 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258929
|
- |
|
doug_poulin
|
command_school_student_management_system
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests t…
|
CWE-352
Origin Validation Error
|
CVE-2014-1915
|
2014-02-21 14:06 |
2014-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258930
|
- |
|
visibility_software
|
cyber_recruiter
|
Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.as…
|
CWE-200
Information Exposure
|
CVE-2014-1930
|
2014-02-21 14:06 |
2014-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|