|
290991
|
- |
|
iwcn
|
stark_crm
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a craf…
|
CWE-352
Origin Validation Error
|
CVE-2014-10008
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290992
|
- |
|
maianscriptworld
|
maian_weblog
|
Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter…
|
CWE-79
Cross-site Scripting
|
CVE-2014-10007
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290993
|
- |
|
maianscriptworld
|
maian_uploader
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scriptin…
|
CWE-352
Origin Validation Error
|
CVE-2014-10006
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290994
|
- |
|
maianscriptworld
|
maian_uploader
|
Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message.
|
CWE-200
Information Exposure
|
CVE-2014-10005
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290995
|
- |
|
maianscriptworld
|
maian_uploader
|
SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2014-10004
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290996
|
- |
|
maian_script_world
|
maian_uploader
|
Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.ph…
|
CWE-79
Cross-site Scripting
|
CVE-2014-10003
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290997
|
- |
|
jetbrains
|
teamcity
|
Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2014-10002
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290998
|
- |
|
csphere
|
clansphere
|
Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-100010
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290999
|
- |
|
phpjabbers
|
appointment_scheduler
|
Multiple cross-site request forgery (CSRF) vulnerabilities in PHPJabbers Appointment Scheduler 2.0 allow remote attackers to hijack the authentication of administrators for requests that (1) conduct …
|
CWE-352
Origin Validation Error
|
CVE-2014-10001
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291000
|
- |
|
joomlaskin
|
js_multi_hotel
|
The Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attackers to obtain the installation path via a request to (1) functions.php,…
|
CWE-200
Information Exposure
|
CVE-2014-100009
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
