|
282451
|
- |
|
instasqueeze
|
sexy_squeeze_pages
|
Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.ph…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9176
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282452
|
- |
|
wpdatatables
|
wpdatatables
|
SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a ge…
|
CWE-89
SQL Injection
|
CVE-2014-9175
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282453
|
- |
|
yoast
|
google_analytics
|
Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2014-9174
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282454
|
- |
|
google_doc_embedder_project
|
google_doc_embedder
|
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
|
CWE-89
SQL Injection
|
CVE-2014-9173
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282455
|
- |
|
suse
mutt
debian
mageia
|
linux_enterprise_desktop
suse_linux_enterprise_server
mutt
debian_linux
mageia
|
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9116
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282456
|
- |
|
cchgroup
|
prosystem_fx_engagement
|
CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktop…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9113
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282457
|
- |
|
gnu
debian
|
cpio
debian_linux
|
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9112
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282458
|
- |
|
filefield_project
|
filefield
|
The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read pr…
|
CWE-200
Information Exposure
|
CVE-2014-9156
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282459
|
- |
|
avatar_uploader_project
|
avatar_uploader
|
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (…
|
CWE-22
Path Traversal
|
CVE-2014-9155
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282460
|
- |
|
notify_project
|
notify
|
The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titl…
|
CWE-200
Information Exposure
|
CVE-2014-9154
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
