|
282251
|
- |
|
simple_retail_menus_plugin_project
|
simple-retail-menus
|
SQL injection vulnerability in includes/mode-edit.php in the Simple Retail Menus (simple-retail-menus) plugin before 4.1 for WordPress allows remote authenticated editors to execute arbitrary SQL com…
|
CWE-89
SQL Injection
|
CVE-2014-5183
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282252
|
- |
|
ostenta
|
yawpp
|
Multiple SQL injection vulnerabilities in the yawpp plugin 1.2 for WordPress allow remote authenticated users with Contributor privileges to execute arbitrary SQL commands via vectors related to (1) …
|
CWE-89
SQL Injection
|
CVE-2014-5182
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282253
|
- |
|
last.fm_rotation_plugin_project
|
lastfm-rotation_plugin
|
Directory traversal vulnerability in lastfm-proxy.php in the Last.fm Rotation (lastfm-rotation) plugin 1.0 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the snod…
|
CWE-22
Path Traversal
|
CVE-2014-5181
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282254
|
- |
|
hdwplayer
|
hdw-player-video-player-video-gallery
|
SQL injection vulnerability in the videos page in the HDW Player Plugin (hdw-player-video-player-video-gallery) 2.4.2 for WordPress allows remote authenticated administrators to execute arbitrary SQL…
|
CWE-89
SQL Injection
|
CVE-2014-5180
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282255
|
- |
|
freelinking_for_case_tracker_project
freelinking_project
|
freelinking_for_case_tracker
freelinking
|
The freelinking module for Drupal, as used in the Freelinking for Case Tracker module, does not properly check access permissions for (1) nodes or (2) users, which allows remote attackers to obtain s…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-5179
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282256
|
- |
|
efssoft
|
easy_file_sharing_web_server
|
Multiple cross-site scripting (XSS) vulnerabilities in Easy File Sharing (EFS) Web Server 6.8 allow remote authenticated users to inject arbitrary web script or HTML via the content parameter when (1…
|
CWE-79
Cross-site Scripting
|
CVE-2014-5178
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282257
|
- |
|
status2k
|
status2k
|
admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary commands via shell metacharacters in the Location field in Add Logs in the Admin Panel.
|
CWE-94
Code Injection
|
CVE-2014-5090
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282258
|
- |
|
status2k
|
status2k
|
SQL injection vulnerability in admin/options/logs.php in Status2k allows remote authenticated administrators to execute arbitrary SQL commands via the log parameter.
|
CWE-89
SQL Injection
|
CVE-2014-5089
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282259
|
- |
|
status2k
|
status2k
|
Cross-site scripting (XSS) vulnerability in Status2k allows remote attackers to inject arbitrary web script or HTML via the username to login.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-5088
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282260
|
- |
|
sphider
|
sphider
|
Multiple SQL injection vulnerabilities in admin/admin.php in Sphider 1.3.6 and earlier, Sphider Pro, and Sphider-plus allow remote attackers to execute arbitrary SQL commands via the (1) site_id or (…
|
CWE-89
SQL Injection
|
CVE-2014-5082
|
2024-11-21 11:11 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
