|
278991
|
- |
|
vdgsecurity
|
vdg_sense
|
VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows …
|
CWE-200
Information Exposure
|
CVE-2014-9576
|
2024-11-21 11:21 |
2015-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278992
|
- |
|
vdgsecurity
|
vdg_sense
|
VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in th…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9575
|
2024-11-21 11:21 |
2015-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278993
|
- |
|
sap
|
netweaver_business_client_for_html
|
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtr…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9569
|
2024-11-21 11:21 |
2015-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278994
|
- |
|
redhat
openstack
|
openstack
image_registry_and_delivery_service_\(glance\)
|
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: UR…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9493
|
2024-11-21 11:21 |
2015-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278995
|
- |
|
projectsend
|
projectsend
|
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP exte…
|
CWE-94
Code Injection
|
CVE-2014-9567
|
2024-11-21 11:21 |
2015-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278996
|
- |
|
humhub
|
humhub
|
SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to ex…
|
CWE-89
SQL Injection
|
CVE-2014-9528
|
2024-11-21 11:21 |
2015-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278997
|
- |
|
fedoraproject
apache
|
fedora
poi
|
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.
|
CWE-399
Resource Management Errors
|
CVE-2014-9527
|
2024-11-21 11:21 |
2015-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278998
|
- |
|
concrete5
concretecms
|
concrete5
concrete_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9526
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278999
|
- |
|
timed_popup_project
|
timed_popup
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for reque…
|
CWE-352
Origin Validation Error
|
CVE-2014-9525
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279000
|
- |
|
facebook_like_box_project
|
facebook_like_box
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication o…
|
CWE-352
Origin Validation Error
|
CVE-2014-9524
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
