|
278881
|
- |
|
google_doc_embedder_project
|
google_doc_embedder
|
SQL injection vulnerability in view.php in the Google Doc Embedder plugin before 2.5.15 for WordPress allows remote attackers to execute arbitrary SQL commands via the gpid parameter.
|
CWE-89
SQL Injection
|
CVE-2014-9173
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278882
|
- |
|
suse
mutt
debian
mageia
|
linux_enterprise_desktop
suse_linux_enterprise_server
mutt
debian_linux
mageia
|
The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, which allows remote attackers to cause a denial of service (crash) via a header …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9116
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278883
|
- |
|
cchgroup
|
prosystem_fx_engagement
|
CCH Wolters Kluwer ProSystem fx Engagement (aka PFX Engagement) 7.1 and earlier uses weak permissions (Authenticated Users: Modify and Write) for the (1) Pfx.Engagement.WcfServices, (2) PFXEngDesktop…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9113
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278884
|
- |
|
gnu
debian
|
cpio
debian_linux
|
Heap-based buffer overflow in the process_copy_in function in GNU Cpio 2.11 allows remote attackers to cause a denial of service via a large block value in a cpio archive.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9112
|
2024-11-21 11:20 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278885
|
- |
|
filefield_project
|
filefield
|
The FileField module 6.x-3.x before 6.x-3.13 for Drupal does not properly check permissions to view files, which allows remote authenticated users with permission to create or edit content to read pr…
|
CWE-200
Information Exposure
|
CVE-2014-9156
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278886
|
- |
|
avatar_uploader_project
|
avatar_uploader
|
Directory traversal vulnerability in the Avatar Uploader module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.0-beta6 for Drupal allows remote authenticated users to read arbitrary files via a .. (…
|
CWE-22
Path Traversal
|
CVE-2014-9155
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278887
|
- |
|
notify_project
|
notify
|
The Notify module 7.x-1.x before 7.x-1.1 for Drupal does not properly restrict access to (1) new or (2) modified nodes or (3) their fields, which allows remote authenticated users to obtain node titl…
|
CWE-200
Information Exposure
|
CVE-2014-9154
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278888
|
- |
|
services_project
|
services
|
Cross-site scripting (XSS) vulnerability in the Services module 7.x-3.x before 7.x-3.10 for Drupal allows remote authenticated users to inject arbitrary web script or HTML via the callback parameter …
|
CWE-79
Cross-site Scripting
|
CVE-2014-9153
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278889
|
- |
|
services_project
|
services
|
The _user_resource_create function in the Services module 7.x-3.x before 7.x-3.10 for Drupal uses a password of 1 when creating new user accounts, which makes it easier for remote attackers to guess …
|
CWE-255
Credentials Management
|
CVE-2014-9152
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278890
|
- |
|
services_project
|
services
|
The Services module 7.x-3.x before 7.x-3.10 for Drupal does not properly limit the rate of authentication attempts, which makes it easier for remote attackers to obtain access via a brute-force attac…
|
CWE-284
Improper Access Control
|
CVE-2014-9151
|
2024-11-21 11:20 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
