|
278151
|
- |
|
woothemes
|
woocommerce_plugin
|
Cross-site scripting (XSS) vulnerability in the WooCommerce plugin before 2.2.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the range parameter on the wc-reports …
|
CWE-79
Cross-site Scripting
|
CVE-2014-6313
|
2024-11-21 11:14 |
2014-10-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278152
|
- |
|
photo_gallery_plugin_project
|
photo_gallery_plugin
|
Multiple cross-site scripting (XSS) vulnerabilities in the Web-Dorado Photo Gallery plugin 1.1.30 and earlier for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) c…
|
CWE-79
Cross-site Scripting
|
CVE-2014-6315
|
2024-11-21 11:14 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278153
|
- |
|
ewww_image_optimizer_plugin_project
|
ewww_image_optimizer_plugin
|
Cross-site scripting (XSS) vulnerability in the EWWW Image Optimizer plugin before 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the error parameter in the ew…
|
CWE-79
Cross-site Scripting
|
CVE-2014-6243
|
2024-11-21 11:14 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278154
|
- |
|
elasticsearch
|
elasticsearch
|
Cross-site scripting (XSS) vulnerability in the CORS functionality in Elasticsearch before 1.4.0.Beta1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-6439
|
2024-11-21 11:14 |
2014-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278155
|
- |
|
joomla
|
joomla\!
|
Joomla! 2.5.x before 2.5.25, 3.x before 3.2.4, and 3.3.x before 3.3.4 allows remote attackers to authenticate and bypass intended access restrictions via vectors involving LDAP authentication.
|
CWE-287
Improper Authentication
|
CVE-2014-6632
|
2024-11-21 11:14 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278156
|
- |
|
joomla
|
joomla\!
|
Cross-site scripting (XSS) vulnerability in com_media in Joomla! 3.2.x before 3.2.5 and 3.3.x before 3.3.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-6631
|
2024-11-21 11:14 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278157
|
- |
|
fedoraproject
apple
joyent
|
fedora
xcode
node.js
|
visionmedia send before 0.8.4 for Node.js uses a partial comparison for verifying whether a directory is within the document root, which allows remote attackers to access restricted directories, as d…
|
CWE-22
Path Traversal
|
CVE-2014-6394
|
2024-11-21 11:14 |
2014-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278158
|
- |
|
openinfosecfoundation
|
suricata
|
The SSHParseBanner function in SSH parser (app-layer-ssh.c) in Suricata before 2.0.4 allows remote attackers to bypass SSH rules, cause a denial of service (crash), or possibly have unspecified other…
|
CWE-399
Resource Management Errors
|
CVE-2014-6603
|
2024-11-21 11:14 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278159
|
- |
|
gopro
|
gopro_hero_firmware
gopro_hero
|
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary commands via a the (1) a1 or (2) a2 parameter in a restart action.
|
CWE-78
OS Command
|
CVE-2014-6434
|
2024-11-21 11:14 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278160
|
- |
|
gopro
|
gopro_hero_firmware
gopro_hero
|
gpExec in GoPro HERO 3+ allows remote attackers to execute arbitrary files via a the (1) a1 or (2) a2 parameter in a start action.
|
CWE-94
Code Injection
|
CVE-2014-6433
|
2024-11-21 11:14 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
