|
278231
|
- |
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in the Ajax system in Drupal 7.x before 7.29 allows remote attackers to inject arbitrary web script or HTML via vectors involving forms with an Ajax-enabled t…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5022
|
2024-11-21 11:11 |
2014-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278232
|
- |
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in the Form API in Drupal 6.x before 6.32 and possibly 7.x before 7.29 allows remote authenticated users with the "administer taxonomy" permission to inject a…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5021
|
2024-11-21 11:11 |
2014-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278233
|
- |
|
drupal
|
drupal
|
The File module in Drupal 7.x before 7.29 does not properly check permissions to view files, which allows remote authenticated users with certain permissions to bypass intended restrictions and read …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5020
|
2024-11-21 11:11 |
2014-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278234
|
- |
|
drupal
|
drupal
|
The multisite feature in Drupal 6.x before 6.32 and 7.x before 7.29 allows remote attackers to cause a denial of service via a crafted HTTP Host header, related to determining which configuration fil…
|
CWE-20
Improper Input Validation
|
CVE-2014-5019
|
2024-11-21 11:11 |
2014-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278235
|
- |
|
polarssl
debian
|
polarssl
debian_linux
|
The ssl_decrypt_buf function in library/ssl_tls.c in PolarSSL before 1.2.11 and 1.3.x before 1.3.8 allows remote attackers to cause a denial of service (crash) via vectors related to the GCM ciphersu…
|
CWE-310
Cryptographic Issues
|
CVE-2014-4911
|
2024-11-21 11:11 |
2014-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278236
|
- |
|
limesurvey
|
limesurvey
|
Incomplete blacklist vulnerability in the autoEscape function in common_helper.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to conduct cross-site scripting (XSS) attacks via the GBK c…
|
NVD-CWE-Other
|
CVE-2014-5018
|
2024-11-21 11:11 |
2014-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278237
|
- |
|
limesurvey
|
limesurvey
|
SQL injection vulnerability in CPDB in application/controllers/admin/participantsaction.php in LimeSurvey 2.05+ Build 140618 allows remote attackers to execute arbitrary SQL commands via the sidx par…
|
CWE-89
SQL Injection
|
CVE-2014-5017
|
2024-11-21 11:11 |
2014-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278238
|
- |
|
limesurvey
|
limesurvey
|
Multiple cross-site scripting (XSS) vulnerabilities in LimeSurvey 2.05+ Build 140618 allow remote attackers to inject arbitrary web script or HTML via (1) the pid attribute to the getAttribute_json f…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5016
|
2024-11-21 11:11 |
2014-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278239
|
- |
|
joomlaboat
|
com_youtubegallery
|
Multiple SQL injection vulnerabilities in models\gallery.php in Youtube Gallery (com_youtubegallery) component 4.x through 4.1.7, and possibly 3.x, for Joomla! allow remote attackers to execute arbit…
|
CWE-89
SQL Injection
|
CVE-2014-4960
|
2024-11-21 11:11 |
2014-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278240
|
- |
|
opensuse
phpmyadmin
|
opensuse
phpmyadmin
|
server_user_groups.php in phpMyAdmin 4.1.x before 4.1.14.2 and 4.2.x before 4.2.6 allows remote authenticated users to bypass intended access restrictions and read the MySQL user list via a viewUsers…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-4987
|
2024-11-21 11:11 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
