|
279341
|
- |
|
ol-commerce_project
|
ol-commerce
|
Multiple cross-site scripting (XSS) vulnerabilities in ol-commerce 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) a_country parameter in a process action to affiliate…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5105
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279342
|
- |
|
ol-commerce_project
|
ol-commerce
|
Multiple SQL injection vulnerabilities in ol-commerce 2.1.1 allow remote attackers to execute arbitrary SQL commands via the (1) a_country parameter in a process action to affiliate_signup.php, (2) a…
|
CWE-89
SQL Injection
|
CVE-2014-5104
|
2024-11-21 11:11 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279343
|
- |
|
microsoft
|
windows_xp
|
Microsoft Windows XP SP3 does not validate addresses in certain IRP handler routines, which allows local users to write data to arbitrary memory locations, and consequently gain privileges, via a cra…
|
CWE-20
Improper Input Validation
|
CVE-2014-4971
|
2024-11-21 11:11 |
2014-07-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279344
|
- |
|
apple
|
quicktime
|
Apple QuickTime allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed version number and flags in an mvhd atom.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-4979
|
2024-11-21 11:11 |
2014-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279345
|
- |
|
sabreairlinesolutions
|
crew_management
crew_services
crew_training
crew_operations
crew_planning
|
Multiple SQL injection vulnerabilities in CWPLogin.aspx in Sabre AirCentre Crew products 2010.2.12.20008 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (…
|
CWE-89
SQL Injection
|
CVE-2014-4858
|
2024-11-21 11:11 |
2014-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279346
|
- |
|
zohocorp
|
manageengine_eventlog_analyzer
|
Cross-site scripting (XSS) vulnerability in ZOHO ManageEngine EventLog Analyzer 9 build 9000 allows remote attackers to inject arbitrary web script or HTML via the j_username parameter to event/j_sec…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5103
|
2024-11-21 11:11 |
2014-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279347
|
- |
|
vbulletin
|
vbulletin
|
SQL injection vulnerability in vBulletin 5.0.4 through 5.1.3 Alpha 5 allows remote attackers to execute arbitrary SQL commands via the criteria[startswith] parameter to ajax/render/memberlist_items.
|
CWE-89
SQL Injection
|
CVE-2014-5102
|
2024-11-21 11:11 |
2014-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279348
|
- |
|
webidsupport
|
webid
|
Multiple cross-site scripting (XSS) vulnerabilities in WeBid 1.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) TPL_name, (2) TPL_nick, (3) TPL_email, (4) TPL_year, (5) T…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5101
|
2024-11-21 11:11 |
2014-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279349
|
- |
|
omeka
|
omeka
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Omeka before 2.2.1 allow remote attackers to hijack the authentication of administrators for requests that (1) add a new super user accou…
|
CWE-352
Origin Validation Error
|
CVE-2014-5100
|
2024-11-21 11:11 |
2014-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279350
|
- |
|
reviewboard
|
review_board
|
Cross-site scripting (XSS) vulnerability in Review Board 1.7.x before 1.7.27 and 2.0.x before 2.0.4 allows remote attackers to inject arbitrary web script or HTML via a query parameter to a diff frag…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5027
|
2024-11-21 11:11 |
2014-07-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
