|
278851
|
6.1 |
MEDIUM
Network
|
bilboplanet
|
bilboplanet
|
An issue was discovered in Bilboplanet 2.0. Stored XSS exists in the user_id parameter to signup.php.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9918
|
2024-11-21 11:21 |
2019-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278852
|
6.1 |
MEDIUM
Network
|
bilboplanet
|
bilboplanet
|
An issue was discovered in Bilboplanet 2.0. There is a stored XSS vulnerability when adding a tag via the user/?page=tribes tags parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9917
|
2024-11-21 11:21 |
2019-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278853
|
4.9 |
MEDIUM
Network
|
unify
|
openstage_sip
openscape_desk_phone_ip_sip
|
CRLF injection vulnerability in the web-based management (WBM) interface in Unify (former Siemens) OpenStage SIP and OpenScape Desk Phone IP V3 devices before R3.32.0 allows remote authenticated user…
|
CWE-93
CRLF Injection
|
CVE-2014-9563
|
2024-11-21 11:21 |
2018-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278854
|
7.5 |
HIGH
Network
|
open_atrium_project
|
open_atrium
|
The OG Subgroups module, when used with the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal, allows remote attackers to access child groups via vectors related to membership inheritance.
|
CWE-284
Improper Access Control
|
CVE-2014-9504
|
2024-11-21 11:21 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278855
|
6.5 |
MEDIUM
Network
|
open_atrium_project
|
open_atrium
|
The Discussions sub module in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allows remote authenticated users with "access content" permissions to modify arbitrary nodes by leveraging imp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9503
|
2024-11-21 11:21 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278856
|
8.8 |
HIGH
Network
|
open_atrium_project
|
open_atrium
|
Multiple cross-site request forgery (CSRF) vulnerabilities in unspecified sub modules in the Open Atrium module 7.x-2.x before 7.x-2.26 for Drupal allow remote attackers to hijack the authentication …
|
CWE-352
Origin Validation Error
|
CVE-2014-9502
|
2024-11-21 11:21 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278857
|
5.5 |
MEDIUM
Local
|
minizip_project
|
minizip
|
Directory traversal vulnerability in the do_extract_currentfile function in miniunz.c in miniunzip in minizip before 1.1-5 might allow remote attackers to write to arbitrary files via a crafted entry…
|
CWE-22
Path Traversal
|
CVE-2014-9485
|
2024-11-21 11:21 |
2018-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278858
|
9.8 |
CRITICAL
Network
|
dozer_project
|
dozer
|
Dozer improperly uses a reflection-based approach to type conversion, which might allow remote attackers to execute arbitrary code via a crafted serialized object.
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2014-9515
|
2024-11-21 11:21 |
2017-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278859
|
9.8 |
CRITICAL
Network
|
nwjs
|
nw.js
|
nw.js before 0.11.5 can simulate user input events in a normal frame, which allows remote attackers to have unspecified impact via unknown vectors.
|
CWE-20
Improper Input Validation
|
CVE-2014-9733
|
2024-11-21 11:21 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278860
|
7.5 |
HIGH
Network
|
huawei
|
usg9560_firmware
usg9520_firmware
usg9580_firmware
|
Huawei USG9560/9520/9580 before V300R001C01SPC300 allows remote attackers to cause a memory leak or denial of service (memory exhaustion, reboot and MPU switchover) via a crafted website.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2014-9697
|
2024-11-21 11:21 |
2017-10-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
