|
282431
|
- |
|
mybb
|
mybb
|
SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register act…
|
CWE-89
SQL Injection
|
CVE-2014-9240
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282432
|
- |
|
invisionpower
invisioncommunity
|
invision_power_board
|
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote …
|
CWE-89
SQL Injection
|
CVE-2014-9239
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282433
|
- |
|
d-link
|
dcs-2103_hd_cube_network_camera_firmware
|
D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) characte…
|
CWE-22
Path Traversal
|
CVE-2014-9238
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282434
|
- |
|
proticaret
|
proticaret
|
SQL injection vulnerability in Proticaret E-Commerce 3.0 allows remote attackers to execute arbitrary SQL commands via a tem:Code element in a SOAP request.
|
CWE-89
SQL Injection
|
CVE-2014-9237
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282435
|
- |
|
zoph
|
zoph
|
Cross-site scripting (XSS) vulnerability in php/edit_photos.php in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the (1) photog…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9236
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282436
|
- |
|
zoph
|
zoph
|
Multiple SQL injection vulnerabilities in Zoph (aka Zoph Organizes Photos) 0.9.1 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) _action parameter to group.…
|
CWE-89
SQL Injection
|
CVE-2014-9235
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282437
|
- |
|
d-link
|
dcs-2103_hd_cube_network_camera_firmware
|
Directory traversal vulnerability in cgi-bin/sddownload.cgi in D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
CWE-22
Path Traversal
|
CVE-2014-9234
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282438
|
- |
|
debian
graphviz
|
debian_linux
graphviz
|
Format string vulnerability in the yyerror function in lib/cgraph/scan.l in Graphviz allows remote attackers to have unspecified impact via format string specifiers in unknown vectors, which are not …
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2014-9157
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282439
|
- |
|
huawei
|
honor_cube_wireless_router_ws860s_firewall
honor_cube_wireless_router_ws860s
|
Unrestricted file upload vulnerability in Huawei Honor Cube Wireless Router WS860s before V100R001C02B222 allows remote attackers to execute arbitrary code by uploading a file with an executable exte…
|
NVD-CWE-Other
|
CVE-2014-9134
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282440
|
- |
|
icecast
|
icecast
|
Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.
|
CWE-200
Information Exposure
|
CVE-2014-9018
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
