|
281571
|
- |
|
reality66
|
cart66_lite
|
SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a …
|
CWE-89
SQL Injection
|
CVE-2014-9442
|
2024-11-21 11:20 |
2015-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281572
|
- |
|
lightbox_photo_gallery_project
|
lightbox_photo_gallery
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests th…
|
CWE-352
Origin Validation Error
|
CVE-2014-9441
|
2024-11-21 11:20 |
2015-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281573
|
- |
|
phpmyrecipes_project
|
phpmyrecipes
|
SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter.
|
CWE-89
SQL Injection
|
CVE-2014-9440
|
2024-11-21 11:20 |
2015-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281574
|
- |
|
efssoft
|
easy_file_sharing_web_server
|
Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not pr…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9439
|
2024-11-21 11:20 |
2015-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281575
|
- |
|
vbulletin
|
vbulletin
|
Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a us…
|
CWE-352
Origin Validation Error
|
CVE-2014-9438
|
2024-11-21 11:20 |
2015-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281576
|
- |
|
sliding_social_icons_project
|
sliding_social_icons
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests tha…
|
CWE-352
Origin Validation Error
|
CVE-2014-9437
|
2024-11-21 11:20 |
2015-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281577
|
- |
|
sysaid
|
sysaid
|
Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile.
|
CWE-22
Path Traversal
|
CVE-2014-9436
|
2024-11-21 11:20 |
2015-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281578
|
- |
|
absolutengine
|
absolut_engine
|
Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userI…
|
CWE-89
SQL Injection
|
CVE-2014-9435
|
2024-11-21 11:20 |
2015-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281579
|
- |
|
absolutengine
|
absolut_engine
|
Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2014-9434
|
2024-11-21 11:20 |
2015-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281580
|
- |
|
contenido
|
contendio
|
Multiple cross-site scripting (XSS) vulnerabilities in cms/front_content.php in Contenido before 4.9.6, when advanced mod rewrite (AMR) is disabled, allow remote attackers to inject arbitrary web scr…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9433
|
2024-11-21 11:20 |
2015-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
