|
278851
|
- |
|
technicolor
|
td5130_router_firmware
|
Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to execute arbitrary commands via shell metacharacters in the ping field (setobject_ip parameter).
|
CWE-77
Command Injection
|
CVE-2014-9144
|
2024-11-21 11:20 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278852
|
- |
|
technicolor
|
td5130_router_firmware
|
Open redirect vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the failre…
|
CWE-17
Code
|
CVE-2014-9143
|
2024-11-21 11:20 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278853
|
- |
|
technicolor
|
td5130_router_firmware
|
Cross-site scripting (XSS) vulnerability in Technicolor Router TD5130 with firmware 2.05.C29GV allows remote attackers to inject arbitrary web script or HTML via the failrefer parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9142
|
2024-11-21 11:20 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278854
|
- |
|
cminds
|
cm_download_manager
|
Cross-site request forgery (CSRF) vulnerability in the CreativeMinds CM Downloads Manager plugin before 2.0.7 for WordPress allows remote attackers to hijack the authentication of administrators for …
|
CWE-352
Origin Validation Error
|
CVE-2014-9129
|
2024-11-21 11:20 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278855
|
- |
|
websitebaker
|
websitebaker
|
Multiple cross-site scripting (XSS) vulnerabilities in WebsiteBaker 2.8.3 allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to wb/admin/admintools/tool.php or (2)…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9243
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278856
|
- |
|
websitebaker
|
websitebaker
|
SQL injection vulnerability in admin/pages/modify.php in WebsiteBaker 2.8.3 allows remote attackers to execute arbitrary SQL commands via the page_id parameter.
|
CWE-89
SQL Injection
|
CVE-2014-9242
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278857
|
- |
|
mybb
|
mybb
|
Multiple cross-site scripting (XSS) vulnerabilities in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to report…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9241
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278858
|
- |
|
mybb
|
mybb
|
SQL injection vulnerability in member.php in MyBB (aka MyBulletinBoard) 1.8.x before 1.8.2 allows remote attackers to execute arbitrary SQL commands via the question_id parameter in a do_register act…
|
CWE-89
SQL Injection
|
CVE-2014-9240
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278859
|
- |
|
invisionpower
invisioncommunity
|
invision_power_board
|
SQL injection vulnerability in the IPS Connect service (interface/ipsconnect/ipsconnect.php) in Invision Power Board (aka IPB or IP.Board) 3.3.x and 3.4.x through 3.4.7 before 20141114 allows remote …
|
CWE-89
SQL Injection
|
CVE-2014-9239
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278860
|
- |
|
d-link
|
dcs-2103_hd_cube_network_camera_firmware
|
D-link IP camera DCS-2103 with firmware 1.0.0 allows remote attackers to obtain the installation path via the file parameter to cgi-bin/sddownload.cgi, as demonstrated by a / (forward slash) characte…
|
CWE-22
Path Traversal
|
CVE-2014-9238
|
2024-11-21 11:20 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
