|
278961
|
5.3 |
MEDIUM
Network
|
piwigo
|
lexiglot
|
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (names and details of projects) by visiting the /update.log URI.
|
CWE-200
Information Exposure
|
CVE-2014-8940
|
2024-11-21 11:19 |
2020-06-2 |
|
278962
|
5.3 |
MEDIUM
Network
|
piwigo
|
lexiglot
|
Lexiglot through 2014-11-20 allows remote attackers to obtain sensitive information (full path) via an include/smarty/plugins/modifier.date_format.php request if PHP has a non-recommended configurati…
|
CWE-22
Path Traversal
|
CVE-2014-8939
|
2024-11-21 11:19 |
2020-06-2 |
|
278963
|
7.8 |
HIGH
Local
|
piwigo
|
lexiglot
|
Lexiglot through 2014-11-20 allows local users to obtain sensitive information by listing a process because the username and password are on the command line.
|
CWE-522
Insufficiently Protected Credentials
|
CVE-2014-8938
|
2024-11-21 11:19 |
2020-06-2 |
|
278964
|
7.5 |
HIGH
Network
|
piwigo
|
lexiglot
|
Lexiglot through 2014-11-20 allows denial of service because api/update.php launches svn update operations that use a great deal of resources.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2014-8937
|
2024-11-21 11:19 |
2020-06-2 |
|
278965
|
9.8 |
CRITICAL
Network
|
jquery_file_upload_project creative-solutions
|
jquery_file_upload creative_contact_form
|
Unrestricted file upload vulnerability in server/php/UploadHandler.php in the jQuery File Upload Plugin 6.4.4 for jQuery, as used in the Creative Solutions Creative Contact Form (formerly Sexy Contac…
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2014-8739
|
2024-11-21 11:19 |
2020-02-9 |
|
278966
|
6.1 |
MEDIUM
Network
|
tennisconnect
|
components
|
Cross-site scripting (XSS) vulnerability in TennisConnect COMPONENTS 9.927 allows remote attackers to inject arbitrary web script or HTML via the pid parameter to index.cfm.
|
CWE-79
Cross-site Scripting
|
CVE-2014-8490
|
2024-11-21 11:19 |
2020-01-29 |
|
278967
|
9.8 |
CRITICAL
Network
|
synacor
|
zimbra_collaboration_server
|
Synacor Zimbra Collaboration before 8.0.9 allows plaintext command injection during STARTTLS.
|
CWE-78
OS Command
|
CVE-2014-8563
|
2024-11-21 11:19 |
2020-01-28 |
|
278968
|
7.5 |
HIGH
Network
|
lexmark
|
markvision_enterprise
|
Directory traversal vulnerability in the ReportDownloadServlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to read arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2014-8742
|
2024-11-21 11:19 |
2020-01-28 |
|
278969
|
9.8 |
CRITICAL
Network
|
lexmark
|
markvision_enterprise
|
Directory traversal vulnerability in the GfdFileUploadServerlet servlet in Lexmark MarkVision Enterprise before 2.1 allows remote attackers to write to arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2014-8741
|
2024-11-21 11:19 |
2020-01-28 |
|
278970
|
9.8 |
CRITICAL
Network
|
soplanning
|
soplanning
|
Multiple SQL vulnerabilities exist in planning.php, user_list.php, projets.php, user_groupes.php, and groupe_list.php in Simple Online Planning (SOPPlanning) before 1.33.
|
CWE-89
SQL Injection
|
CVE-2014-8673
|
2024-11-21 11:19 |
2020-01-8 |