|
285381
|
- |
|
lantronix
|
xprintserver
|
Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrate…
|
CWE-352
Origin Validation Error
|
CVE-2014-9003
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285382
|
- |
|
lantronix
|
xprintserver
|
Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9002
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285383
|
- |
|
incrediblepbx
|
incredible_pbx_11
|
reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5)…
|
CWE-94
Code Injection
|
CVE-2014-9001
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285384
|
- |
|
mulesoft
|
mule_enterprise_management_console
|
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitra…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9000
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285385
|
- |
|
xoops
|
xoops
|
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.
|
CWE-89
SQL Injection
|
CVE-2014-8999
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285386
|
- |
|
x7chat
|
x7_chat
|
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace functio…
|
CWE-94
Code Injection
|
CVE-2014-8998
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285387
|
- |
|
digitalvidhya
|
digi_online_examination_system
|
Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an exe…
|
CWE-94
Code Injection
|
CVE-2014-8997
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285388
|
- |
|
nibbleblog
|
nibbleblog
|
Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8996
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285389
|
- |
|
maarch
|
letterbox
|
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie.
|
CWE-89
SQL Injection
|
CVE-2014-8995
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285390
|
- |
|
megnicholas
|
clean_and_simple_contact_form
|
Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject …
|
CWE-79
Cross-site Scripting
|
CVE-2014-8955
|
2024-11-21 11:20 |
2014-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
