|
277801
|
- |
|
drupal debian
|
drupal debian_linux
|
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS session…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9015
|
2024-11-21 11:20 |
2014-11-25 |
|
277802
|
- |
|
pypa oracle
|
pip solaris
|
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
|
NVD-CWE-noinfo
|
CVE-2014-8991
|
2024-11-21 11:20 |
2014-11-25 |
|
277803
|
- |
|
mantisbt
|
mantisbt
|
MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by le…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8988
|
2024-11-21 11:20 |
2014-11-25 |
|
277804
|
- |
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators t…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8986
|
2024-11-21 11:20 |
2014-11-25 |
|
277805
|
- |
|
moodle
|
moodle
|
The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers t…
|
CWE-20
Improper Input Validation
|
CVE-2014-9060
|
2024-11-21 11:20 |
2014-11-24 |
|
277806
|
- |
|
moodle
|
moodle
|
lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to cond…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9059
|
2024-11-21 11:20 |
2014-11-24 |
|
277807
|
- |
|
zteusa
|
zxdsl_831cii
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the …
|
CWE-352
Origin Validation Error
|
CVE-2014-9027
|
2024-11-21 11:20 |
2014-11-21 |
|
277808
|
- |
|
ubercart
|
ubercart
|
The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtai…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9026
|
2024-11-21 11:20 |
2014-11-21 |
|
277809
|
- |
|
commerceguys
|
commerce
|
The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at c…
|
CWE-200
Information Exposure
|
CVE-2014-9025
|
2024-11-21 11:20 |
2014-11-21 |
|
277810
|
- |
|
protected_pages_project
|
protected_pages
|
The Protected Pages module 7.x-2.x before 7.x-2.4 for Drupal allows remote attackers to bypass the password protection via a crafted path.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9024
|
2024-11-21 11:20 |
2014-11-21 |