|
281371
|
- |
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators t…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8986
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281372
|
- |
|
moodle
|
moodle
|
The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers t…
|
CWE-20
Improper Input Validation
|
CVE-2014-9060
|
2024-11-21 11:20 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281373
|
- |
|
moodle
|
moodle
|
lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to cond…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9059
|
2024-11-21 11:20 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281374
|
- |
|
zteusa
|
zxdsl_831cii
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the …
|
CWE-352
Origin Validation Error
|
CVE-2014-9027
|
2024-11-21 11:20 |
2014-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281375
|
- |
|
ubercart
|
ubercart
|
The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtai…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9026
|
2024-11-21 11:20 |
2014-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281376
|
- |
|
commerceguys
|
commerce
|
The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at c…
|
CWE-200
Information Exposure
|
CVE-2014-9025
|
2024-11-21 11:20 |
2014-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281377
|
- |
|
protected_pages_project
|
protected_pages
|
The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9024
|
2024-11-21 11:20 |
2014-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281378
|
- |
|
twilio_project
|
twilio
|
The Twilio module 7.x-1.x before 7.x-1.9 for Drupal does not properly restrict access to the Twilio administration pages, which allows remote authenticated users to read and modify authentication tok…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9023
|
2024-11-21 11:20 |
2014-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281379
|
- |
|
web_component_roles_project
|
web_component_roles
|
The Webform Component Roles module 6.x-1.x before 6.x-1.8 and 7.x-1.x before 7.x-1.8 for Drupal allows remote attackers to bypass the "disabled" restriction and modify read-only components via a craf…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9022
|
2024-11-21 11:20 |
2014-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281380
|
- |
|
zteusa
|
zxdsl_831
|
Multiple cross-site scripting (XSS) vulnerabilities in ZTE ZXDSL 831 allow remote attackers to inject arbitrary web script or HTML via the (1) tr69cAcsURL, (2) tr69cAcsUser, (3) tr69cAcsPwd, (4) tr69…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9021
|
2024-11-21 11:20 |
2014-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
