|
279181
|
- |
|
modx
|
modx_revolution
|
MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF toke…
|
CWE-352
Origin Validation Error
|
CVE-2014-8773
|
2024-11-21 11:19 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279182
|
- |
|
x3cms
|
x3_cms
|
Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-8772
|
2024-11-21 11:19 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279183
|
- |
|
x3cms
|
x3_cms
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin area in X3 CMS 0.5.1 and 0.5.1.1 allow remote attackers to hijack the authentication of administrators via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2014-8771
|
2024-11-21 11:19 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279184
|
- |
|
kennziffer
|
ke_questionnaire
|
The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a …
|
CWE-200
Information Exposure
|
CVE-2014-8874
|
2024-11-21 11:19 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279185
|
- |
|
gleamtech
|
filevista
|
GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled durin…
|
CWE-20
Improper Input Validation
|
CVE-2014-8789
|
2024-11-21 11:19 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279186
|
- |
|
gleamtech
|
filevista
|
GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message.
|
CWE-200
Information Exposure
|
CVE-2014-8788
|
2024-11-21 11:19 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279187
|
- |
|
ad-manager_project
|
ad-manager
|
Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in …
|
NVD-CWE-Other
|
CVE-2014-8754
|
2024-11-21 11:19 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279188
|
- |
|
subex
|
roc_fraud_management_system
|
SQL injection vulnerability in the login page (login/login) in Subex ROC Fraud Management (aka Fraud Management System and FMS) 7.4 and earlier allows remote attackers to execute arbitrary SQL comman…
|
CWE-89
SQL Injection
|
CVE-2014-8728
|
2024-11-21 11:19 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279189
|
- |
|
enalean
|
tuleap
|
project/register.php in Tuleap before 7.7, when sys_create_project_in_one_step is disabled, allows remote authenticated users to conduct PHP object injection attacks and execute arbitrary PHP code vi…
|
CWE-94
Code Injection
|
CVE-2014-8791
|
2024-11-21 11:19 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279190
|
- |
|
redhat
xen
debian
opensuse
|
enterprise_linux
enterprise_linux_desktop
xen
debian_linux
opensuse
|
The acceleration support for the "REP MOVS" instruction in Xen 4.4.x, 3.2.x, and earlier lacks properly bounds checking for memory mapped I/O (MMIO) emulated in the hypervisor, which allows local HVM…
|
CWE-17
Code
|
CVE-2014-8867
|
2024-11-21 11:19 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
