|
278621
|
- |
|
projectsend
|
projectsend
|
Unrestricted file upload vulnerability in process-upload.php in ProjectSend (formerly cFTP) r100 through r561 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP exte…
|
CWE-94
Code Injection
|
CVE-2014-9567
|
2024-11-21 11:21 |
2015-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278622
|
- |
|
humhub
|
humhub
|
SQL injection vulnerability in the actionIndex function in protected/modules_core/notification/controllers/ListController.php in HumHub 0.10.0-rc.1 and earlier allows remote authenticated users to ex…
|
CWE-89
SQL Injection
|
CVE-2014-9528
|
2024-11-21 11:21 |
2015-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278623
|
- |
|
fedoraproject
apache
|
fedora
poi
|
HSLFSlideShow in Apache POI before 3.11 allows remote attackers to cause a denial of service (infinite loop and deadlock) via a crafted PPT file.
|
CWE-399
Resource Management Errors
|
CVE-2014-9527
|
2024-11-21 11:21 |
2015-01-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278624
|
- |
|
concrete5
concretecms
|
concrete5
concrete_cms
|
Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9526
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278625
|
- |
|
timed_popup_project
|
timed_popup
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for reque…
|
CWE-352
Origin Validation Error
|
CVE-2014-9525
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278626
|
- |
|
facebook_like_box_project
|
facebook_like_box
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication o…
|
CWE-352
Origin Validation Error
|
CVE-2014-9524
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278627
|
- |
|
smartcat
|
our_team_showcase
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administ…
|
CWE-352
Origin Validation Error
|
CVE-2014-9523
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278628
|
- |
|
papoo
|
cms_papoo_light
|
Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) …
|
CWE-79
Cross-site Scripting
|
CVE-2014-9522
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278629
|
- |
|
infinitewp
|
infinitewp
|
Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by upl…
|
CWE-94
Code Injection
|
CVE-2014-9521
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278630
|
- |
|
infinitewp
|
infinitewp
|
SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter.
|
CWE-89
SQL Injection
|
CVE-2014-9520
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
