|
278951
|
- |
|
digitalvidhya
|
digi_online_examination_system
|
Unrestricted file upload vulnerability in the Photo functionality in DigitalVidhya Digi Online Examination System 2.0 allows remote attackers to execute arbitrary code by uploading a file with an exe…
|
CWE-94
Code Injection
|
CVE-2014-8997
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278952
|
- |
|
nibbleblog
|
nibbleblog
|
Multiple cross-site scripting (XSS) vulnerabilities in Nibbleblog before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) author_name or (2) content parameter to index.…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8996
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278953
|
- |
|
maarch
|
letterbox
|
SQL injection vulnerability in Maarch LetterBox 2.8 allows remote attackers to execute arbitrary SQL commands via the UserId cookie.
|
CWE-89
SQL Injection
|
CVE-2014-8995
|
2024-11-21 11:20 |
2014-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278954
|
- |
|
megnicholas
|
clean_and_simple_contact_form
|
Cross-site scripting (XSS) vulnerability in the Contact Form Clean and Simple (clean-and-simple-contact-form-by-meg-nicholas) plugin 4.4.0 and earlier for WordPress allows remote attackers to inject …
|
CWE-79
Cross-site Scripting
|
CVE-2014-8955
|
2024-11-21 11:20 |
2014-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278955
|
6.1 |
MEDIUM
Network
|
php-fusion
|
phpfusion
|
A reflected cross-site scripting (XSS) vulnerability in PHP-Fusion 7.02.07 allows remote attackers to inject arbitrary web script or HTML via the status parameter in the CMS admin panel.
|
CWE-79
Cross-site Scripting
|
CVE-2014-8597
|
2024-11-21 11:19 |
2022-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278956
|
9.8 |
CRITICAL
Network
|
piwigo
|
lexiglot
|
admin.php?page=projects in Lexiglot through 2014-11-20 allows command injection via username and password fields.
|
CWE-78
OS Command
|
CVE-2014-8945
|
2024-11-21 11:19 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278957
|
5.4 |
MEDIUM
Network
|
piwigo
|
lexiglot
|
Lexiglot through 2014-11-20 allows XSS (Reflected) via the username, or XSS (Stored) via the admin.php?page=config install_name, intro_message, or new_file_content parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-8944
|
2024-11-21 11:19 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278958
|
8.8 |
HIGH
Network
|
piwigo
|
lexiglot
|
Lexiglot through 2014-11-20 allows SSRF via the admin.php?page=projects svn_url parameter.
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2014-8943
|
2024-11-21 11:19 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278959
|
8.8 |
HIGH
Network
|
piwigo
|
lexiglot
|
Lexiglot through 2014-11-20 allows CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2014-8942
|
2024-11-21 11:19 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
278960
|
9.8 |
CRITICAL
Network
|
piwigo
|
lexiglot
|
Lexiglot through 2014-11-20 allows SQL injection via an admin.php?page=users&from_id= or admin.php?page=history&limit= URI.
|
CWE-89
SQL Injection
|
CVE-2014-8941
|
2024-11-21 11:19 |
2020-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
