|
281421
|
- |
|
timed_popup_project
|
timed_popup
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for reque…
|
CWE-352
Origin Validation Error
|
CVE-2014-9525
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281422
|
- |
|
facebook_like_box_project
|
facebook_like_box
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication o…
|
CWE-352
Origin Validation Error
|
CVE-2014-9524
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281423
|
- |
|
smartcat
|
our_team_showcase
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administ…
|
CWE-352
Origin Validation Error
|
CVE-2014-9523
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281424
|
- |
|
papoo
|
cms_papoo_light
|
Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) …
|
CWE-79
Cross-site Scripting
|
CVE-2014-9522
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281425
|
- |
|
infinitewp
|
infinitewp
|
Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by upl…
|
CWE-94
Code Injection
|
CVE-2014-9521
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281426
|
- |
|
infinitewp
|
infinitewp
|
SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter.
|
CWE-89
SQL Injection
|
CVE-2014-9520
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281427
|
- |
|
infinitewp
|
infinitewp
|
SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter.
|
CWE-89
SQL Injection
|
CVE-2014-9519
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281428
|
- |
|
d-link
|
dir-655_firmware
dir-655
|
Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_respon…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9518
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281429
|
- |
|
dlink
|
dcs-2103_firmware
|
Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9517
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281430
|
- |
|
social_microblogging_pro_project
|
social_microblogging_pro
|
Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site"…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9516
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
