|
282711
|
- |
|
wp_rss_poster_plugin_project
|
wp-rss-poster
|
SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to w…
|
CWE-89
SQL Injection
|
CVE-2014-4938
|
2024-11-21 11:11 |
2014-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282712
|
- |
|
bookx_plugin_project
|
bookx
|
Directory traversal vulnerability in includes/bookx_export.php BookX plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the file parameter.
|
CWE-22
Path Traversal
|
CVE-2014-4937
|
2024-11-21 11:11 |
2014-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282713
|
- |
|
pnp4nagios
|
pnp4nagios
|
Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4908
|
2024-11-21 11:11 |
2014-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282714
|
- |
|
op5
pnp4nagios
|
monitor
pnp4nagios
|
Cross-site scripting (XSS) vulnerability in share/pnp/application/views/kohana_error_page.php in PNP4Nagios before 0.6.22 allows remote attackers to inject arbitrary web script or HTML via a paramete…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4907
|
2024-11-21 11:11 |
2014-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282715
|
9.8 |
CRITICAL
Network
|
python
redhat
|
python
enterprise_linux
software_collections
|
The CGIHTTPServer module in Python 2.7.5 and 3.3.4 does not properly handle URLs in which URL encoding is used for path separators, which allows remote attackers to read script source code or conduct…
|
CWE-22
Path Traversal
|
CVE-2014-4650
|
2024-11-21 11:10 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282716
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible
|
Ansible before 1.5.5 sets 0644 permissions for sources.list, which might allow local users to obtain sensitive credential information in opportunistic circumstances by reading a file that uses the "d…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2014-4659
|
2024-11-21 11:10 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282717
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible
|
The vault subsystem in Ansible before 1.5.5 does not set the umask before creation or modification of a vault file, which allows local users to obtain sensitive key information by reading a file.
|
CWE-200
Information Exposure
|
CVE-2014-4658
|
2024-11-21 11:10 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282718
|
9.8 |
CRITICAL
Network
|
redhat
|
ansible
|
The safe_eval function in Ansible before 1.5.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions.
|
CWE-20
Improper Input Validation
|
CVE-2014-4657
|
2024-11-21 11:10 |
2020-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282719
|
9.8 |
CRITICAL
Network
|
redhat
debian
|
ansible
debian_linux
|
The safe_eval function in Ansible before 1.6.4 does not properly restrict the code subset, which allows remote attackers to execute arbitrary code via crafted instructions. NOTE: this vulnerability e…
|
CWE-74
Injection
|
CVE-2014-4678
|
2024-11-21 11:10 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282720
|
5.5 |
MEDIUM
Local
|
redhat
|
ansible
|
Ansible before 1.5.5 constructs filenames containing user and password fields on the basis of deb lines in sources.list, which might allow local users to obtain sensitive credential information in op…
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2014-4660
|
2024-11-21 11:10 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
