|
282491
|
- |
|
mageia_project
wordpress
debian
|
mageia
wordpress
debian_linux
|
WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obtain access to an account idle since 2008 by leveraging an improper PHP dynamic …
|
CWE-310
Cryptographic Issues
|
CVE-2014-9037
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282492
|
- |
|
wordpress
debian
|
wordpress
debian_linux
|
Cross-site scripting (XSS) vulnerability in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via a c…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9036
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282493
|
- |
|
wordpress
debian
|
wordpress
debian_linux
|
Cross-site scripting (XSS) vulnerability in Press This in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script o…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9035
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282494
|
- |
|
wordpress
|
wordpress
|
wp-includes/class-phpass.php in WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 allows remote attackers to cause a denial of service (CPU consumption) via a long …
|
CWE-19
Data Processing Errors
|
CVE-2014-9034
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282495
|
- |
|
wordpress
|
wordpress
|
Cross-site request forgery (CSRF) vulnerability in wp-login.php in WordPress 3.7.4, 3.8.4, 3.9.2, and 4.0 allows remote attackers to hijack the authentication of arbitrary users for requests that res…
|
CWE-352
Origin Validation Error
|
CVE-2014-9033
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282496
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the media-playlists feature in WordPress before 3.9.x before 3.9.3 and 4.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2014-9032
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282497
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in the wptexturize function in WordPress before 3.7.5, 3.8.x before 3.8.5, and 3.9.x before 3.9.3 allows remote attackers to inject arbitrary web script or HT…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9031
|
2024-11-21 11:20 |
2014-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282498
|
- |
|
xen
debian
opensuse
|
xen
debian_linux
opensuse
|
The do_mmu_update function in arch/x86/mm.c in Xen 3.2.x through 4.4.x does not properly manage page references, which allows remote domains to cause a denial of service by leveraging control over an…
|
CWE-20
Improper Input Validation
|
CVE-2014-9030
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282499
|
- |
|
drupal
secure_password_hashes_project
debian
|
drupal
secure_passwords_hashes
debian_linux
|
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and m…
|
NVD-CWE-noinfo
|
CVE-2014-9016
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282500
|
- |
|
drupal
debian
|
drupal
debian_linux
|
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS session…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9015
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
