|
281361
|
- |
|
wordpress
debian
|
wordpress
debian_linux
|
Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script o…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9035
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281362
|
- |
|
wordpress
|
wordpress
|
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long …
|
CWE-19
Data Processing Errors
|
CVE-2014-9034
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281363
|
- |
|
wordpress
|
wordpress
|
Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that res…
|
CWE-352
Origin Validation Error
|
CVE-2014-9033
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281364
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2014-9032
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281365
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HT…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9031
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281366
|
- |
|
xen
debian
opensuse
|
xen
debian_linux
opensuse
|
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an…
|
CWE-20
Improper Input Validation
|
CVE-2014-9030
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281367
|
- |
|
drupal
secure_password_hashes_project
debian
|
drupal
secure_passwords_hashes
debian_linux
|
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and m…
|
NVD-CWE-noinfo
|
CVE-2014-9016
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281368
|
- |
|
drupal
debian
|
drupal
debian_linux
|
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS session…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9015
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281369
|
- |
|
pypa
oracle
|
pip
solaris
|
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
|
NVD-CWE-noinfo
|
CVE-2014-8991
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281370
|
- |
|
mantisbt
|
mantisbt
|
MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by le…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8988
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
