|
278821
|
- |
|
typo3
|
typo3
|
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers …
|
CWE-20
Improper Input Validation
|
CVE-2014-9509
|
2024-11-21 11:21 |
2015-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278822
|
- |
|
typo3
|
typo3
|
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only …
|
CWE-59
Link Following
|
CVE-2014-9508
|
2024-11-21 11:21 |
2015-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278823
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9507
|
2024-11-21 11:21 |
2015-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278824
|
- |
|
mantisbt
|
mantisbt
|
MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain s…
|
CWE-200
Information Exposure
|
CVE-2014-9506
|
2024-11-21 11:21 |
2015-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278825
|
9.8 |
CRITICAL
Network
|
sap
|
businessobjects_edge
|
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note …
|
CWE-287
Improper Authentication
|
CVE-2014-9320
|
2024-11-21 11:20 |
2021-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278826
|
9.8 |
CRITICAL
Network
|
git-scm
mercurial
apple
eclipse
libgit2
|
git
mercurial
xcode
egit
libgit2
jgit
|
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; …
|
CWE-20
Improper Input Validation
|
CVE-2014-9390
|
2024-11-21 11:20 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278827
|
6.1 |
MEDIUM
Network
|
fork-cms
|
fork_cms
|
Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML …
|
CWE-79
Cross-site Scripting
|
CVE-2014-9470
|
2024-11-21 11:20 |
2020-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278828
|
6.5 |
MEDIUM
Network
|
open-school
|
open-school
|
Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the v…
|
CWE-200
Information Exposure
|
CVE-2014-9127
|
2024-11-21 11:20 |
2020-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278829
|
6.1 |
MEDIUM
Network
|
open-school
|
open-school
|
Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the Studen…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9126
|
2024-11-21 11:20 |
2020-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278830
|
5.9 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
|
CWE-200
Information Exposure
|
CVE-2014-9481
|
2024-11-21 11:20 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
