|
281121
|
- |
|
cross-rss_plugin_project
|
wp-cross-rss
|
Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.
|
CWE-22
Path Traversal
|
CVE-2014-4941
|
2024-11-21 11:11 |
2014-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281122
|
- |
|
tera_charts_plugin_project
|
tera-charts
|
Multiple directory traversal vulnerabilities in Tera Charts (tera-charts) plugin 0.1 for WordPress allow remote attackers to read arbitrary files via a .. (dot dot) in the fn parameter to (1) charts/…
|
CWE-22
Path Traversal
|
CVE-2014-4940
|
2024-11-21 11:11 |
2014-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281123
|
- |
|
enl_newsletter_plugin_project
|
enl-newsletter
|
SQL injection vulnerability in the ENL Newsletter (enl-newsletter) plugin 1.0.1 for WordPress allows remote authenticated administrators to execute arbitrary SQL commands via the id parameter in the …
|
CWE-89
SQL Injection
|
CVE-2014-4939
|
2024-11-21 11:11 |
2014-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281124
|
- |
|
wp_rss_poster_plugin_project
|
wp-rss-poster
|
SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to w…
|
CWE-89
SQL Injection
|
CVE-2014-4938
|
2024-11-21 11:11 |
2014-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281125
|
- |
|
bookx_plugin_project
|
bookx
|
Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
CWE-22
Path Traversal
|
CVE-2014-4937
|
2024-11-21 11:11 |
2014-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281126
|
- |
|
pnp4nagios
|
pnp4nagios
|
Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4908
|
2024-11-21 11:11 |
2014-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281127
|
- |
|
op5
pnp4nagios
|
monitor
pnp4nagios
|
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4907
|
2024-11-21 11:11 |
2014-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281128
|
9.8 |
CRITICAL
Network
|
python
redhat
|
python
enterprise_linux
software_collections
|
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct…
|
CWE-22
Path Traversal
|
CVE-2014-4650
|
2024-11-21 11:10 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281129
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible
|
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "d…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2014-4659
|
2024-11-21 11:10 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
281130
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible
|
The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
|
CWE-200
Information Exposure
|
CVE-2014-4658
|
2024-11-21 11:10 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
