|
277061
|
- |
|
o2tweet_project
|
o2tweet
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the O2Tweet plugin 0.0.4 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests tha…
|
CWE-352
Origin Validation Error
|
CVE-2014-9338
|
2024-11-21 11:20 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277062
|
- |
|
mikiurl_wordpress_eklentisi_project
|
mikiurl_wordpress_eklentisi
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mikiurl Wordpress Eklentisi plugin 2.0 and earlier for WordPress allow remote attackers to hijack the authentication of administrator…
|
CWE-352
Origin Validation Error
|
CVE-2014-9337
|
2024-11-21 11:20 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277063
|
- |
|
itwitter_project
|
itwitter
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the iTwitter plugin 0.04 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for requests tha…
|
CWE-352
Origin Validation Error
|
CVE-2014-9336
|
2024-11-21 11:20 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277064
|
- |
|
dandyid_services_project
|
dandyid_services
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the DandyID Services plugin 1.5.9 and earlier for WordPress allow remote attackers to hijack the authentication of administrators for req…
|
CWE-352
Origin Validation Error
|
CVE-2014-9335
|
2024-11-21 11:20 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277065
|
- |
|
otrs
|
otrs_help_desk
|
The GenericInterface in OTRS Help Desk 3.2.x before 3.2.17, 3.3.x before 3.3.11, and 4.0.x before 4.0.3 allows remote authenticated users to access and modify arbitrary tickets via unspecified vector…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9324
|
2024-11-21 11:20 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277066
|
- |
|
glpi-project
|
glpi
|
SQL injection vulnerability in ajax/getDropdownValue.php in GLPI before 0.85.1 allows remote authenticated users to execute arbitrary SQL commands via the condition parameter.
|
CWE-89
SQL Injection
|
CVE-2014-9258
|
2024-11-21 11:20 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277067
|
- |
|
morfy_cms_project
|
morfy_cms
|
Static code injection vulnerability in install.php in Morfy CMS 1.05 allows remote authenticated users to inject arbitrary PHP code into config.php via the site_url parameter.
|
CWE-94
Code Injection
|
CVE-2014-9185
|
2024-11-21 11:20 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277068
|
- |
|
huawei
|
p7-l10_firmware
|
The PackageInstaller module in Huawei P7-L10 smartphones before V100R001C00B136 allows remote attackers to spoof the origin website and bypass the website whitelist protection mechanism via a crafted…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9135
|
2024-11-21 11:20 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277069
|
- |
|
arris
|
touchstone_tg862g\/ct_firmware
|
ARRIS Touchstone TG862G/CT Telephony Gateway with firmware 7.6.59S.CT and earlier has a default password of password for the admin account, which makes it easier for remote attackers to obtain access…
|
CWE-255
Credentials Management
|
CVE-2014-9406
|
2024-11-21 11:20 |
2014-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
277070
|
- |
|
mantisbt
|
mantisbt
|
bug_report.php in MantisBT before 1.2.18 allows remote attackers to assign arbitrary issues via the handler_id parameter.
|
CWE-284
Improper Access Control
|
CVE-2014-9388
|
2024-11-21 11:20 |
2014-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
