|
280161
|
- |
|
enalean
|
tuleap
|
SQL injection vulnerability in Enalean Tuleap before 7.5.99.4 allows remote authenticated users to execute arbitrary SQL commands via the lobal_txt parameter to plugins/docman.
|
CWE-89
SQL Injection
|
CVE-2014-7176
|
2024-11-21 11:16 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280162
|
- |
|
joomla
|
joomla\!
|
Akeeba Restore (restore.php), as used in Joomla! 2.5.4 through 2.5.25, 3.x through 3.2.5, and 3.3.0 through 3.3.4; Akeeba Backup for Joomla! Professional 3.0.0 through 4.0.2; Backup Professional for …
|
CWE-310
Cryptographic Issues
|
CVE-2014-7228
|
2024-11-21 11:16 |
2014-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280163
|
- |
|
enalean
|
tuleap
|
XML External Entity vulnerability in Enalean Tuleap 7.2 and earlier allows remote authenticated users to read arbitrary files via a crafted xml document in a create action to plugins/tracker/.
|
NVD-CWE-Other
|
CVE-2014-7177
|
2024-11-21 11:16 |
2014-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280164
|
- |
|
electric_cloud
|
electriccommander
|
Electric Cloud ElectricCommander before 4.2.6 and 5.x before 5.0.3 uses world-writable permissions for (1) eccert.pl and (2) ecconfigure.pl, which allows local users to execute arbitrary Perl code by…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7180
|
2024-11-21 11:16 |
2014-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280165
|
- |
|
centrify
|
directcontrol
centrify_suite
|
adsetgroups in Centrify Server Suite 2008 through 2014.1 and Centrify DirectControl 3.x through 4.2.0 on Linux and UNIX allows local users to read arbitrary files with root privileges by leveraging i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-7298
|
2024-11-21 11:16 |
2014-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280166
|
- |
|
newtelligence
|
dasblog
|
Open redirect vulnerability in the Click-Through feature in Newtelligence dasBlog 2.1 (2.1.8102.813), 2.2 (2.2.8279.16125), and 2.3 (2.3.9074.18820) allows remote attackers to redirect users to arbit…
|
NVD-CWE-Other
|
CVE-2014-7292
|
2024-11-21 11:16 |
2014-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280167
|
- |
|
tenda
|
a32_firmware
a32
|
Cross-site request forgery (CSRF) vulnerability in Shenzhen Tenda Technology Tenda A32 Router with firmware 5.07.53_CN allows remote attackers to hijack the authentication of administrators for reque…
|
CWE-352
Origin Validation Error
|
CVE-2014-7281
|
2024-11-21 11:16 |
2014-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280168
|
- |
|
litecart
|
litecart
|
Multiple cross-site scripting (XSS) vulnerabilities in the search.php in LiteCart 1.1.2.1 and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) query parameter or (2) …
|
CWE-79
Cross-site Scripting
|
CVE-2014-7183
|
2024-11-21 11:16 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280169
|
- |
|
codecabin
|
wp_go_maps
|
Multiple cross-site scripting (XSS) vulnerabilities in the WP Google Maps plugin before 6.0.27 for WordPress allow remote attackers to inject arbitrary web script or HTML via the poly_id parameter in…
|
CWE-79
Cross-site Scripting
|
CVE-2014-7182
|
2024-11-21 11:16 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
280170
|
- |
|
tenable
|
web_ui
|
Cross-site scripting (XSS) vulnerability in the Web UI before 2.3.4 Build #85 for Tenable Nessus 5.x allows remote web servers to inject arbitrary web script or HTML via the server header.
|
CWE-79
Cross-site Scripting
|
CVE-2014-7280
|
2024-11-21 11:16 |
2014-10-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
