|
276831
|
- |
|
monstra
|
monstra
|
Monstra 3.0.1 and earlier uses a cookie to track how many login attempts have been attempted, which allows remote attackers to conduct brute force login attacks by deleting the login_attempts cookie …
|
CWE-255
Credentials Management
|
CVE-2014-9006
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276832
|
- |
|
vld_interactive
|
vldpersonals
|
Multiple SQL injection vulnerabilities in vldPersonals before 2.7.1 allow remote attackers to execute arbitrary SQL commands via the (1) country, (2) gender1, or ((3) gender2 parameter in a search ac…
|
CWE-89
SQL Injection
|
CVE-2014-9005
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276833
|
- |
|
vld_interactive
|
vldpersonals
|
Cross-site scripting (XSS) vulnerability in vldPersonals before 2.7.1 allows remote attackers to inject arbitrary web script or HTML via the id parameter in a member_profile action to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9004
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276834
|
- |
|
lantronix
|
xprintserver
|
Cross-site request forgery (CSRF) vulnerability in Lantronix xPrintServer allows remote attackers to hijack the authentication of administrators for requests that modify configuration, as demonstrate…
|
CWE-352
Origin Validation Error
|
CVE-2014-9003
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276835
|
- |
|
lantronix
|
xprintserver
|
Lantronix xPrintServer does not properly restrict access to ips/, which allows remote attackers to execute arbitrary commands via the c parameter in an rpc action.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9002
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276836
|
- |
|
incrediblepbx
|
incredible_pbx_11
|
reminders/index.php in Incredible PBX 11 2.0.6.5.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the (1) APPTMIN, (2) APPTHR, (3) APPTDA, (4) APPTMO, (5)…
|
CWE-94
Code Injection
|
CVE-2014-9001
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276837
|
- |
|
mulesoft
|
mule_enterprise_management_console
|
Mule Enterprise Management Console (MMC) does not properly restrict access to handler/securityService.rpc, which allows remote authenticated users to gain administrator privileges and execute arbitra…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9000
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276838
|
- |
|
xoops
|
xoops
|
SQL injection vulnerability in htdocs/modules/system/admin.php in XOOPS before 2.5.7 Final allows remote authenticated users to execute arbitrary SQL commands via the selgroups parameter.
|
CWE-89
SQL Injection
|
CVE-2014-8999
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276839
|
- |
|
x7chat
|
x7_chat
|
lib/message.php in X7 Chat 2.0.0 through 2.0.5.1 allows remote authenticated users to execute arbitrary PHP code via a crafted HTTP header to index.php, which is processed by the preg_replace functio…
|
CWE-94
Code Injection
|
CVE-2014-8998
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
276840
|
- |
|
digitalvidhya
|
digi_online_examination_system
|
Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an exe…
|
CWE-94
Code Injection
|
CVE-2014-8997
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
