|
282441
|
- |
|
fedoraproject
openvas
opensuse
|
fedora
openvas_manager
opensuse
|
SQL injection vulnerability in OpenVAS Manager before 4.0.6 and 5.x before 5.0.7 allows remote attackers to execute arbitrary SQL commands via the timezone parameter in a modify_schedule OMP command.
|
CWE-89
SQL Injection
|
CVE-2014-9220
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282442
|
- |
|
thomsonreuters
|
fixed_assets_cs
|
The installer in Thomson Reuters Fixed Assets CS 13.1.4 and earlier uses weak permissions for connectbgdl.exe, which allows local users to execute arbitrary code by modifying this program.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9141
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282443
|
- |
|
zte
|
zxdsl
|
ZTE ZXDSL 831CII allows remote attackers to bypass authentication via a direct request to (1) main.cgi, (2) adminpasswd.cgi, (3) userpasswd.cgi, (4) upload.cgi, (5) conprocess.cgi, or (6) connect.cgi.
|
CWE-287
Improper Authentication
|
CVE-2014-9184
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282444
|
- |
|
zte
|
zxdsl
|
ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.
|
CWE-255
Credentials Management
|
CVE-2014-9183
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282445
|
- |
|
anchorcms
|
anchor_cms
|
models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9182
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282446
|
- |
|
plex
|
media_server
|
Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a .. (dot dot) in the URI to (1) manage/ or (2) web/ or remote auth…
|
CWE-22
Path Traversal
|
CVE-2014-9181
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282447
|
- |
|
eleanor-cms
|
eleanor_cms
|
Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING.
|
NVD-CWE-Other
|
CVE-2014-9180
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282448
|
- |
|
supportezzy_ticket_system_project
|
supportezzy_ticket_system
|
Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" …
|
CWE-79
Cross-site Scripting
|
CVE-2014-9179
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282449
|
- |
|
smartypantsplugins
|
sp_project_\&_document_manager
|
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote a…
|
CWE-89
SQL Injection
|
CVE-2014-9178
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282450
|
- |
|
svnlabs
|
html5_mp3_player_with_playlist_free
|
The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php.
|
CWE-200
Information Exposure
|
CVE-2014-9177
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
