257331 | - | in-portal | in-portal | Cross-site scripting (XSS) vulnerability in In-Portal CMS 5.2.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the next_template parameter to admin/index.php. | CWE-79 Cross-site Scripting | CVE-2014-8304 | 2014-10-21 11:43 | 2014-10-17
257332 | - | oracle | identity_manager | Open redirect vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.1.5, 11.1.1.7, 11.1.2.1, and 11.1.2.2 allows remote attackers to redirect users to arbitrary web … | CWE-20 Improper Input Validation | CVE-2014-2880 | 2014-10-17 16:12 | 2014-04-17
257333 | - | oracle | database_server | Unspecified vulnerability in the Core RDBMS component in Oracle Database Server 11.1.0.7, 11.2.0.3, 11.2.0.4, and 12.1.0.1 allows remote attackers to affect confidentiality via unknown vectors. | NVD-CWE-noinfo | CVE-2014-2478 | 2014-10-17 02:56 | 2014-10-16
257334 | - | pnc | virtual_wallet_by_pnc | The PNC Virtual Wallet (aka com.pnc.ecommerce.mobile.vw.android) application before 2.2 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to sp… | CWE-310 Cryptographic Issues | CVE-2014-6881 | 2014-10-16 16:27 | 2014-10-2
257335 | - | phpmyadmin | phpmyadmin | Multiple cross-site scripting (XSS) vulnerabilities in phpMyAdmin 4.0.x before 4.0.10.2, 4.1.x before 4.1.14.3, and 4.2.x before 4.2.7.1 allow remote authenticated users to inject arbitrary web scrip… | CWE-79 Cross-site Scripting | CVE-2014-5273 | 2014-10-16 16:23 | 2014-08-22
257336 | - | debian canonical kde | kde4libs ubuntu_linux kauth kdelibs | KDE kdelibs before 4.14 and kauth before 5.1 does not properly use D-Bus for communication with a polkit authority, which allows local users to bypass intended access restrictions by leveraging a Pol… | CWE-362 Race Condition | CVE-2014-5033 | 2014-10-16 16:22 | 2014-08-20
257337 | - | drupal | doubleclick_for_publishers | Cross-site scripting (XSS) vulnerability in the Google Doubleclick for Publishers (DFP) module 7.x-1.x before 7.x-1.2 for Drupal allows remote authenticated users with the "administer dfp" permission… | CWE-79 Cross-site Scripting | CVE-2014-8748 | 2014-10-16 11:24 | 2014-10-14
257338 | - | huawei | e5332_firmware e5332 | Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long parameter in an API s… | CWE-399 Resource Management Errors | CVE-2014-5328 | 2014-10-16 00:32 | 2014-10-12
257339 | - | cryoserver | cryoserver_security_appliance | Cryoserver Security Appliance 7.3.x uses weak permissions for /etc/init.d/cryoserver, which allows local users to gain privileges by leveraging access to the support account and running the /bin/cryo… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-4867 | 2014-10-16 00:22 | 2014-10-10
257340 | - | huawei | e5332_firmware e5332 | Buffer overflow in the Webserver component on the Huawei E5332 router before 21.344.27.00.1080 allows remote authenticated users to cause a denial of service (reboot) via a long URI. | CWE-399 Resource Management Errors | CVE-2014-5327 | 2014-10-15 23:33 | 2014-10-12