|
276911
|
- |
|
wordpress
|
wordpress
|
Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that res…
|
CWE-352
Origin Validation Error
|
CVE-2014-9033
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276912
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2014-9032
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276913
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HT…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9031
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276914
|
- |
|
xen
debian
opensuse
|
xen
debian_linux
opensuse
|
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an…
|
CWE-20
Improper Input Validation
|
CVE-2014-9030
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276915
|
- |
|
drupal
secure_password_hashes_project
debian
|
drupal
secure_passwords_hashes
debian_linux
|
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and m…
|
NVD-CWE-noinfo
|
CVE-2014-9016
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276916
|
- |
|
drupal
debian
|
drupal
debian_linux
|
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS session…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9015
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276917
|
- |
|
pypa
oracle
|
pip
solaris
|
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
|
NVD-CWE-noinfo
|
CVE-2014-8991
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276918
|
- |
|
mantisbt
|
mantisbt
|
MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by le…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8988
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276919
|
- |
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators t…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8986
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276920
|
- |
|
moodle
|
moodle
|
The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers t…
|
CWE-20
Improper Input Validation
|
CVE-2014-9060
|
2024-11-21 11:20 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
