|
279371
|
- |
|
pligg
|
pligg_cms
|
Multiple SQL injection vulnerabilities in recover.php in Pligg CMS 2.0.1 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) n parameter.
|
CWE-89
SQL Injection
|
CVE-2014-9096
|
2024-11-21 11:20 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279372
|
- |
|
raritan
|
power_iq
|
Multiple SQL injection vulnerabilities in Raritan Power IQ 4.1.0 and 4.2.1 allow remote attackers to execute arbitrary SQL commands via the (1) sort or (2) dir parameter to license/records.
|
CWE-89
SQL Injection
|
CVE-2014-9095
|
2024-11-21 11:20 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279373
|
- |
|
digitalzoomstudio
|
video_gallery
|
Multiple cross-site scripting (XSS) vulnerabilities in deploy/designer/preview.php in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web s…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9094
|
2024-11-21 11:20 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279374
|
- |
|
libreoffice
fedoraproject
canonical
debian
|
libreoffice
fedora
ubuntu_linux
debian_linux
|
LibreOffice before 4.3.5 allows remote attackers to cause a denial of service (invalid write operation and crash) and possibly execute arbitrary code via a crafted RTF file.
|
CWE-20
Improper Input Validation
|
CVE-2014-9093
|
2024-11-21 11:20 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279375
|
- |
|
flac
|
libflac
|
Heap-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9028
|
2024-11-21 11:20 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279376
|
- |
|
flac
|
libflac
|
Stack-based buffer overflow in stream_decoder.c in libFLAC before 1.3.1 allows remote attackers to execute arbitrary code via a crafted .flac file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-8962
|
2024-11-21 11:20 |
2014-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279377
|
- |
|
debian
mageia_project
wordpress
|
debian_linux
mageia
wordpress
|
wp-login.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to reset passwords by leveraging access to an e-mail account that rec…
|
CWE-254
7PK - Security Features
|
CVE-2014-9039
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279378
|
- |
|
wordpress
|
wordpress
|
wp-includes/http.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to conduct server-side request forgery (SSRF) attacks by referring…
|
CWE-20
Improper Input Validation
|
CVE-2014-9038
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279379
|
- |
|
mageia_project
wordpress
debian
|
mageia
wordpress
debian_linux
|
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic …
|
CWE-310
Cryptographic Issues
|
CVE-2014-9037
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
279380
|
- |
|
wordpress
debian
|
wordpress
debian_linux
|
Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a c…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9036
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
