|
278981
|
- |
|
moip_project
|
moip
|
Cross-site scripting (XSS) vulnerability in the Moip module 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the notificatio…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9500
|
2024-11-21 11:21 |
2015-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278982
|
- |
|
godwin\'s_law_project
|
godwin\'s_law
|
Cross-site scripting (XSS) vulnerability in the Godwin's Law module before 7.x-1.1 for Drupal, when using the dblog module, allows remote authenticated users to inject arbitrary web script or HTML vi…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9499
|
2024-11-21 11:21 |
2015-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278983
|
- |
|
webform_invitation_project
|
webform_invitation
|
Cross-site scripting (XSS) vulnerability in the Webform Invitation module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.4 for Drupal allows remote authenticated users with the Webform: Create new c…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9498
|
2024-11-21 11:21 |
2015-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278984
|
- |
|
t-mobile
asus
|
tm-ac1900
wrt_firmware
|
common.c in infosvr in ASUS WRT firmware 3.0.0.4.376_1071, 3.0.0.376.2524-g0013f52, and other versions, as used in RT-AC66U, RT-N66U, and other routers, does not properly check the MAC address for a …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9583
|
2024-11-21 11:21 |
2015-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278985
|
- |
|
codiad
|
codiad
|
Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename a…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9582
|
2024-11-21 11:21 |
2015-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278986
|
- |
|
codiad
|
codiad
|
Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue wa…
|
CWE-22
Path Traversal
|
CVE-2014-9581
|
2024-11-21 11:21 |
2015-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278987
|
- |
|
projectsend
|
projectsend
|
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this iss…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9580
|
2024-11-21 11:21 |
2015-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278988
|
- |
|
vdgsecurity
|
vdg_sense
|
VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files.
|
CWE-200
Information Exposure
|
CVE-2014-9579
|
2024-11-21 11:21 |
2015-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278989
|
- |
|
vdgsecurity
|
vdg_sense
|
VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of a password …
|
CWE-287
Improper Authentication
|
CVE-2014-9578
|
2024-11-21 11:21 |
2015-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278990
|
- |
|
vdgsecurity
|
vdg_sense
|
VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 …
|
CWE-200
Information Exposure
|
CVE-2014-9577
|
2024-11-21 11:21 |
2015-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
