|
279091
|
- |
|
phpmyrecipes_project
|
phpmyrecipes
|
SQL injection vulnerability in dosearch.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the words_exact parameter.
|
CWE-89
SQL Injection
|
CVE-2014-9347
|
2024-11-21 11:20 |
2014-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279092
|
- |
|
hierarchical_select_project
|
hierarchical_select
|
Multiple cross-site scripting (XSS) vulnerabilities in the Hierarchical Select module 6.x-3.x before 6.x-3.9 for Drupal allow remote authenticated users with certain permissions to inject arbitrary w…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9346
|
2024-11-21 11:20 |
2014-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279093
|
- |
|
guruperl
|
advertise_with_pleasure\!
|
SQL injection vulnerability in Guruperl.net Advertise With Pleasure! Professional (aka AWP PRO) 6.6 and earlier allows remote attackers to execute arbitrary SQL commands via the group_id parameter in…
|
CWE-89
SQL Injection
|
CVE-2014-9345
|
2024-11-21 11:20 |
2014-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279094
|
- |
|
globiz_solutions
|
snowfox_content_management_system
|
Cross-site request forgery (CSRF) vulnerability in Snowfox CMS before 1.0.10 allows remote attackers to hijack the authentication of administrators for requests that add a new admin account via a sub…
|
CWE-352
Origin Validation Error
|
CVE-2014-9344
|
2024-11-21 11:20 |
2014-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279095
|
- |
|
globiz_solutions
|
snowfox_content_management_system
|
Open redirect vulnerability in modules/system/controller/selectlanguage.class.php in Snowfox CMS 1.0 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via …
|
NVD-CWE-Other
|
CVE-2014-9343
|
2024-11-21 11:20 |
2014-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279096
|
- |
|
reality66
|
cart66_lite
|
SQL injection vulnerability in the shortcodeProductsTable function in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.2 for WordPress allows remote authenticated users to execute arbitrary…
|
CWE-89
SQL Injection
|
CVE-2014-9305
|
2024-11-21 11:20 |
2014-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279097
|
- |
|
mantisbt
|
mantisbt
|
The current_user_get_bug_filter function in core/current_user_api.php in MantisBT before 1.2.18 allows remote attackers to execute arbitrary PHP code via the filter parameter.
|
CWE-94
Code Injection
|
CVE-2014-9280
|
2024-11-21 11:20 |
2014-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279098
|
- |
|
mantisbt
|
mantisbt
|
The print_test_result function in admin/upgrade_unattended.php in MantisBT 1.1.0a3 through 1.2.x before 1.2.18 allows remote attackers to obtain database credentials via a URL in the hostname paramet…
|
CWE-200
Information Exposure
|
CVE-2014-9279
|
2024-11-21 11:20 |
2014-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279099
|
- |
|
opensuse
redhat
debian
|
opensuse
enterprise_linux_desktop
enterprise_linux_workstation
enterprise_linux_server
enterprise_linux_hpc_node
hivex
|
lib/handle.c in Hivex before 1.3.11 allows local users to execute arbitrary code and gain privileges via a small hive files, which triggers an out-of-bounds read or write.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9273
|
2024-11-21 11:20 |
2014-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279100
|
- |
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in the projax_array_serialize_for_autocomplete function in core/projax_api.php in MantisBT 1.1.0a3 through 1.2.17 allows remote attackers to inject arbitrary …
|
CWE-79
Cross-site Scripting
|
CVE-2014-9270
|
2024-11-21 11:20 |
2014-12-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
