|
291001
|
- |
|
joomlaskin
|
js_multi_hotel
|
Cross-site scripting (XSS) vulnerability in includes/delete_img.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 and earlier for WordPress allows remote attack…
|
CWE-79
Cross-site Scripting
|
CVE-2014-100008
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291002
|
- |
|
hk_exif_tags_project
|
hk_exif_tags
|
Cross-site scripting (XSS) vulnerability in the HK Exif Tags plugin before 1.12 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via an EXIF tag. NOTE: some of …
|
CWE-79
Cross-site Scripting
|
CVE-2014-100007
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291003
|
- |
|
webtrees
|
webtrees
|
Multiple cross-site scripting (XSS) vulnerabilities in modules_v3/googlemap/wt_v3_street_view.php in webtrees before 1.5.2 allow remote attackers to inject arbitrary web script or HTML via the (1) ma…
|
CWE-79
Cross-site Scripting
|
CVE-2014-100006
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291004
|
- |
|
sitecore
|
cms
|
Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to inject arbitrary web script or HTML via the xmlcontrol parameter to the default U…
|
CWE-79
Cross-site Scripting
|
CVE-2014-100004
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291005
|
- |
|
yourmembers_project
|
yourmembers
|
SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_dow…
|
CWE-89
SQL Injection
|
CVE-2014-100003
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291006
|
- |
|
zohocorp
|
manageengine_supportcenter_plus
|
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to Wor…
|
CWE-22
Path Traversal
|
CVE-2014-100002
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291007
|
- |
|
seopressor
|
seo_plugin_liveoptim
|
Cross-site request forgery (CSRF) vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress allows remote attackers to hijack the authentication of administrators for requests …
|
CWE-352
Origin Validation Error
|
CVE-2014-100001
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291008
|
- |
|
sap
|
netweaver
|
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the…
|
CWE-20
Improper Input Validation
|
CVE-2014-0995
|
2024-11-21 11:03 |
2014-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291009
|
- |
|
ibm
|
tivoli_service_automation_manager
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via v…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0940
|
2024-11-21 11:03 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291010
|
- |
|
rexx-systems
|
recruitment
|
Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting (XSS) attac…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1224
|
2024-11-21 11:03 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
