|
292491
|
- |
|
sitecore
|
cms
|
Cross-site scripting (XSS) vulnerability in Sitecore CMS before 7.0 Update-4 (rev. 140120) allows remote attackers to inject arbitrary web script or HTML via the xmlcontrol parameter to the default U…
|
CWE-79
Cross-site Scripting
|
CVE-2014-100004
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292492
|
- |
|
yourmembers_project
|
yourmembers
|
SQL injection vulnerability in includes/ym-download_functions.include.php in the Code Futures YourMembers plugin for WordPress allows remote attackers to execute arbitrary SQL commands via the ym_dow…
|
CWE-89
SQL Injection
|
CVE-2014-100003
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292493
|
- |
|
zohocorp
|
manageengine_supportcenter_plus
|
Directory traversal vulnerability in ManageEngine SupportCenter Plus 7.9 before 7917 allows remote attackers to read arbitrary files via a ..%2f (dot dot encoded slash) in the attach parameter to Wor…
|
CWE-22
Path Traversal
|
CVE-2014-100002
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292494
|
- |
|
seopressor
|
seo_plugin_liveoptim
|
Cross-site request forgery (CSRF) vulnerability in the SEO Plugin LiveOptim plugin before 1.1.4-free for WordPress allows remote attackers to hijack the authentication of administrators for requests …
|
CWE-352
Origin Validation Error
|
CVE-2014-100001
|
2024-11-21 11:03 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292495
|
- |
|
sap
|
netweaver
|
The Standalone Enqueue Server in SAP Netweaver 7.20, 7.01, and earlier allows remote attackers to cause a denial of service (uncontrolled recursion and crash) via a trace level with a wildcard in the…
|
CWE-20
Improper Input Validation
|
CVE-2014-0995
|
2024-11-21 11:03 |
2014-11-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292496
|
- |
|
ibm
|
tivoli_service_automation_manager
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM Tivoli Service Automation Manager 7.2.2.2 before 7.2.2.2-TIV-TSAM-LA0041 allow remote attackers to inject arbitrary web script or HTML via v…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0940
|
2024-11-21 11:03 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292497
|
- |
|
rexx-systems
|
recruitment
|
Incomplete blacklist vulnerability in the user registration feature in rexx Recruitment R6.1 and R7 without "fixes from 2014-01-15" allows remote attackers to conduct cross-site scripting (XSS) attac…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1224
|
2024-11-21 11:03 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292498
|
- |
|
embarcadero
|
embarcadero_delphi_xe6
embarcadero_c\+\+builder_xe6
|
Heap-based buffer overflow in the ReadDIB function in the Vcl.Graphics.TPicture.Bitmap implementation in the Visual Component Library (VCL) in Embarcadero Delphi XE6 20.0.15596.9843 and C++ Builder X…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0994
|
2024-11-21 11:03 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292499
|
- |
|
advantech
|
advantech_webaccess
|
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the password parameter.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0992
|
2024-11-21 11:03 |
2014-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292500
|
- |
|
advantech
|
advantech_webaccess
|
Stack-based buffer overflow in Advantech WebAccess (formerly BroadWin WebAccess) 7.2 allows remote attackers to execute arbitrary code via the projectname parameter.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0991
|
2024-11-21 11:03 |
2014-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
