|
288531
|
- |
|
whydowork_adsense_project
|
whydowork_adsense
|
Cross-site request forgery (CSRF) vulnerability in the WhyDoWork AdSense plugin 1.2 for WordPress allows remote attackers to hijack the authentication of administrators for requests that have unspeci…
|
CWE-352
Origin Validation Error
|
CVE-2014-9099
|
2024-11-21 11:20 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288532
|
- |
|
apptha
|
contus_video_gallery
|
Multiple cross-site scripting (XSS) vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly before 2014-07-23, for WordPress allow remote authenticated users…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9098
|
2024-11-21 11:20 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288533
|
- |
|
apptha
|
contus_video_gallery
|
Multiple SQL injection vulnerabilities in the Apptha WordPress Video Gallery (contus-video-gallery) plugin 2.5, possibly as distributed before 2014-07-23, for WordPress allow (1) remote attackers to …
|
CWE-89
SQL Injection
|
CVE-2014-9097
|
2024-11-21 11:20 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288534
|
- |
|
pligg
|
pligg_cms
|
Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
|
CWE-89
SQL Injection
|
CVE-2014-9096
|
2024-11-21 11:20 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288535
|
- |
|
raritan
|
power_iq
|
Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.
|
CWE-89
SQL Injection
|
CVE-2014-9095
|
2024-11-21 11:20 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288536
|
- |
|
digitalzoomstudio
|
video_gallery
|
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web s…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9094
|
2024-11-21 11:20 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288537
|
- |
|
libreoffice fedoraproject canonical debian
|
libreoffice fedora ubuntu_linux debian_linux
|
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
|
CWE-20
Improper Input Validation
|
CVE-2014-9093
|
2024-11-21 11:20 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288538
|
- |
|
flac
|
libflac
|
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9028
|
2024-11-21 11:20 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288539
|
- |
|
flac
|
libflac
|
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-8962
|
2024-11-21 11:20 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288540
|
- |
|
debian mageia_project wordpress
|
debian_linux mageia wordpress
|
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that rec…
|
CWE-254
7PK - Security Features
|
CVE-2014-9039
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|