|
279011
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9507
|
2024-11-21 11:21 |
2015-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279012
|
- |
|
mantisbt
|
mantisbt
|
MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain s…
|
CWE-200
Information Exposure
|
CVE-2014-9506
|
2024-11-21 11:21 |
2015-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279013
|
9.8 |
CRITICAL
Network
|
sap
|
businessobjects_edge
|
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note …
|
CWE-287
Improper Authentication
|
CVE-2014-9320
|
2024-11-21 11:20 |
2021-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279014
|
9.8 |
CRITICAL
Network
|
git-scm
mercurial
apple
eclipse
libgit2
|
git
mercurial
xcode
egit
libgit2
jgit
|
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; …
|
CWE-20
Improper Input Validation
|
CVE-2014-9390
|
2024-11-21 11:20 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279015
|
6.1 |
MEDIUM
Network
|
fork-cms
|
fork_cms
|
Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML …
|
CWE-79
Cross-site Scripting
|
CVE-2014-9470
|
2024-11-21 11:20 |
2020-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279016
|
6.5 |
MEDIUM
Network
|
open-school
|
open-school
|
Open-School Community Edition 2.2 does not properly restrict access to the export functionality, which allows remote authenticated users to obtain sensitive information via the r parameter with the v…
|
CWE-200
Information Exposure
|
CVE-2014-9127
|
2024-11-21 11:20 |
2020-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279017
|
6.1 |
MEDIUM
Network
|
open-school
|
open-school
|
Multiple cross-site scripting (XSS) vulnerabilities in Open-School Community Edition 2.2 allow remote attackers to inject arbitrary web script or HTML via the YII_CSRF_TOKEN HTTP cookie or the Studen…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9126
|
2024-11-21 11:20 |
2020-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279018
|
5.9 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
The Scribunto extension for MediaWiki allows remote attackers to obtain the rollback token and possibly other sensitive information via a crafted module, related to unstripping special page HTML.
|
CWE-200
Information Exposure
|
CVE-2014-9481
|
2024-11-21 11:20 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279019
|
6.1 |
MEDIUM
Network
|
clickdesk
|
clickdesk
|
ClickDesk version 4.3 and below has persistent cross site scripting
|
CWE-79
Cross-site Scripting
|
CVE-2014-9211
|
2024-11-21 11:20 |
2020-01-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279020
|
6.5 |
MEDIUM
Network
|
free
|
freebox_os
|
Freebox OS Web interface 3.0.2 has CSRF which can allow VPN user account creation
|
CWE-352
Origin Validation Error
|
CVE-2014-9382
|
2024-11-21 11:20 |
2020-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
