|
258021
|
- |
|
werdswords
|
download_shortcode
|
Directory traversal vulnerability in force-download.php in the Download Shortcode plugin 0.2.3 and earlier for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file…
|
CWE-22
Path Traversal
|
CVE-2014-5465
|
2014-09-4 05:15 |
2014-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258022
|
- |
|
xrms_crm_project
|
xrms_crm
|
plugins/useradmin/fingeruser.php in XRMS CRM, possibly 1.99.2, allows remote authenticated users to execute arbitrary code via shell metacharacters in the username parameter.
|
CWE-89
SQL Injection
|
CVE-2014-5521
|
2014-09-3 23:15 |
2014-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258023
|
- |
|
s3ql_project
|
s3ql
|
S3QL 1.18.1 and earlier uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object in (1) common.py or (2) local.py in backends/.
|
CWE-94
Code Injection
|
CVE-2014-0485
|
2014-09-3 22:33 |
2014-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258024
|
- |
|
labanquepostale
|
labanquepostale
|
The La Banque Postale application before 3.2.6 for Android does not prevent the launching of an activity by a component of another application, which allows attackers to obtain sensitive cached banki…
|
CWE-200
Information Exposure
|
CVE-2014-5076
|
2014-09-3 04:13 |
2014-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258025
|
- |
|
hl7
|
c-cda
|
CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to discover potentially sensitive URLs via a crafted reference element that triggers creation of an IMG element with an arbitrary URL in i…
|
CWE-200
Information Exposure
|
CVE-2014-3862
|
2014-09-3 04:04 |
2014-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258026
|
- |
|
hl7
|
c-cda
|
Cross-site scripting (XSS) vulnerability in CDA.xsl in HL7 C-CDA 1.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted reference element within a nonXMLBody ele…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3861
|
2014-09-3 04:02 |
2014-09-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258027
|
- |
|
codeaurora
|
android-msm
|
The Qualcomm Innovation Center (QuIC) init scripts in Code Aurora Forum (CAF) releases of Android 4.1.x through 4.4.x allow local users to modify file metadata via a symlink attack on a file accessed…
|
CWE-59
Link Following
|
CVE-2013-6124
|
2014-09-3 03:51 |
2014-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258028
|
- |
|
codeaurora
|
android-msm
|
app/aboot/aboot.c in the Little Kernel (LK) bootloader, as distributed with Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allows attackers to overwrite s…
|
CWE-20
Improper Input Validation
|
CVE-2013-2598
|
2014-09-3 03:44 |
2014-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258029
|
- |
|
codeaurora
|
android-msm
|
Stack-based buffer overflow in the acdb_ioctl function in audio_acdb.c in the acdb audio driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-2597
|
2014-09-3 03:43 |
2014-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258030
|
- |
|
codeaurora
|
android-msm
|
The device-initialization functionality in the MSM camera driver for the Linux kernel 2.6.x and 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other produ…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2595
|
2014-09-3 03:41 |
2014-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
