|
291941
|
- |
|
phpjabbers
|
appointment_scheduler
|
Directory traversal vulnerability in PHPJabbers Appointment Scheduler 2.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter in a pjActionDownload action to the pj…
|
CWE-22
Path Traversal
|
CVE-2014-10010
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291942
|
- |
|
iwcn
|
stark_crm
|
Multiple cross-site scripting (XSS) vulnerabilities in Stark CRM 1.0 allow remote attackers to inject arbitrary web script or HTML via the (1) first_name, (2) last_name, or (3) notes parameter to the…
|
CWE-79
Cross-site Scripting
|
CVE-2014-10009
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291943
|
- |
|
iwcn
|
stark_crm
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Stark CRM 1.0 allow remote attackers to hijack the authentication of administrators for requests that add (1) an administrator via a craf…
|
CWE-352
Origin Validation Error
|
CVE-2014-10008
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291944
|
- |
|
maianscriptworld
|
maian_weblog
|
Multiple cross-site scripting (XSS) vulnerabilities in Maian Weblog 4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) email, or (3) subject parameter…
|
CWE-79
Cross-site Scripting
|
CVE-2014-10007
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291945
|
- |
|
maianscriptworld
|
maian_uploader
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Maian Uploader 4.0 allow remote attackers to hijack the authentication of unspecified users for requests that conduct cross-site scriptin…
|
CWE-352
Origin Validation Error
|
CVE-2014-10006
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291946
|
- |
|
maianscriptworld
|
maian_uploader
|
Maian Uploader 4.0 allows remote attackers to obtain sensitive information via a request without the height parameter to load_flv.js.php, which reveals the installation path in an error message.
|
CWE-200
Information Exposure
|
CVE-2014-10005
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291947
|
- |
|
maianscriptworld
|
maian_uploader
|
SQL injection vulnerability in admin/data_files/move.php in Maian Uploader 4.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2014-10004
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291948
|
- |
|
maian_script_world
|
maian_uploader
|
Multiple cross-site scripting (XSS) vulnerabilities in Maian Uploader 4.0 allow remote attackers to inject arbitrary web script or HTML via the width parameter to (1) uploader/admin/js/load_flv.js.ph…
|
CWE-79
Cross-site Scripting
|
CVE-2014-10003
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291949
|
- |
|
jetbrains
|
teamcity
|
Unspecified vulnerability in JetBrains TeamCity before 8.1 allows remote attackers to obtain sensitive information via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2014-10002
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291950
|
- |
|
csphere
|
clansphere
|
Cross-site scripting (XSS) vulnerability in ClanSphere 2011.4 allows remote attackers to inject arbitrary web script or HTML via the where parameter in a list action to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-100010
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
