|
279281
|
- |
|
codiad
|
codiad
|
Cross-site scripting (XSS) vulnerability in components/filemanager/dialog.php in Codiad 2.4.3 allows remote attackers to inject arbitrary web script or HTML via the short_name parameter in a rename a…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9582
|
2024-11-21 11:21 |
2015-01-9 |
|
|
|
|
279282
|
- |
|
codiad
|
codiad
|
Directory traversal vulnerability in components/filemanager/download.php in Codiad 2.4.3 allows remote attackers to read arbitrary files via a .. (dot dot) in the path parameter. NOTE: this issue wa…
|
CWE-22
Path Traversal
|
CVE-2014-9581
|
2024-11-21 11:21 |
2015-01-9 |
|
|
|
|
279283
|
- |
|
projectsend
|
projectsend
|
Cross-site scripting (XSS) vulnerability in ProjectSend (formerly cFTP) r561 allows remote attackers to inject arbitrary web script or HTML via the Description field in a file upload. NOTE: this iss…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9580
|
2024-11-21 11:21 |
2015-01-9 |
|
|
|
|
279284
|
- |
|
vdgsecurity
|
vdg_sense
|
VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files.
|
CWE-200
Information Exposure
|
CVE-2014-9579
|
2024-11-21 11:21 |
2015-01-9 |
|
|
|
|
279285
|
- |
|
vdgsecurity
|
vdg_sense
|
VDG Security SENSE (formerly DIVA) 2.3.13 performs authentication with a password hash instead of a password, which allows remote attackers to gain login access by leveraging knowledge of a password …
|
CWE-287
Improper Authentication
|
CVE-2014-9578
|
2024-11-21 11:21 |
2015-01-9 |
|
|
|
|
279286
|
- |
|
vdgsecurity
|
vdg_sense
|
VDG Security SENSE (formerly DIVA) 2.3.13 sends the user database when a user logs in, which allows remote authenticated users to obtain usernames and password hashes by logging in to TCP port 51410 …
|
CWE-200
Information Exposure
|
CVE-2014-9577
|
2024-11-21 11:21 |
2015-01-9 |
|
|
|
|
279287
|
- |
|
vdgsecurity
|
vdg_sense
|
VDG Security SENSE (formerly DIVA) 2.3.13 has a hardcoded password of (1) ArpaRomaWi for the root Postgres account and !DVService for the (2) postgres and (3) NTP Windows user accounts, which allows …
|
CWE-200
Information Exposure
|
CVE-2014-9576
|
2024-11-21 11:21 |
2015-01-9 |
|
|
|
|
279288
|
- |
|
vdgsecurity
|
vdg_sense
|
VDG Security SENSE (formerly DIVA) before 2.3.15 allows remote attackers to bypass authentication, and consequently read and modify arbitrary plugin settings, via an encoded : (colon) character in th…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9575
|
2024-11-21 11:21 |
2015-01-9 |
|
|
|
|
279289
|
- |
|
sap
|
netweaver_business_client_for_html
|
Multiple cross-site scripting (XSS) vulnerabilities in SAP NetWeaver Business Client (NWBC) for HTML 3.0 allow remote attackers to inject arbitrary web script or HTML via the (1) title or (2) roundtr…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9569
|
2024-11-21 11:21 |
2015-01-8 |
|
|
|
|
279290
|
- |
|
redhat openstack
|
openstack image_registry_and_delivery_service_\(glance\)
|
The V2 API in OpenStack Image Registry and Delivery Service (Glance) before 2014.2.2 and 2014.1.4 allows remote authenticated users to read or delete arbitrary files via a full pathname in a file: UR…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9493
|
2024-11-21 11:21 |
2015-01-8 |
|
|
|