|
282891
|
- |
|
drupal
secure_password_hashes_project
debian
|
drupal
secure_passwords_hashes
debian_linux
|
The password hashing API in Drupal 7.x before 7.34 and the Secure Password Hashes (aka phpass) module 6.x-2.x before 6.x-2.1 for Drupal allows remote attackers to cause a denial of service (CPU and m…
|
NVD-CWE-noinfo
|
CVE-2014-9016
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282892
|
- |
|
drupal
debian
|
drupal
debian_linux
|
Drupal 6.x before 6.34 and 7.x before 7.34 allows remote attackers to hijack sessions via a crafted request, as demonstrated by a crafted request to a server that supports both HTTP and HTTPS session…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9015
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282893
|
- |
|
pypa
oracle
|
pip
solaris
|
pip 1.3 through 1.5.6 allows local users to cause a denial of service (prevention of package installation) by creating a /tmp/pip-build-* file for another user.
|
NVD-CWE-noinfo
|
CVE-2014-8991
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282894
|
- |
|
mantisbt
|
mantisbt
|
MantisBT before 1.2.18 allows remote authenticated users to bypass the $g_download_attachments_threshold and $g_view_attachments_threshold restrictions and read attachments for private projects by le…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8988
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282895
|
- |
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in the selection list in the filters in the Configuration Report page (adm_config_report.php) in MantisBT 1.2.13 through 1.2.17 allows remote administrators t…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8986
|
2024-11-21 11:20 |
2014-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282896
|
- |
|
moodle
|
moodle
|
The LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not properly restrict the parameters used in a return URL, which allows remote attackers t…
|
CWE-20
Improper Input Validation
|
CVE-2014-9060
|
2024-11-21 11:20 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282897
|
- |
|
moodle
|
moodle
|
lib/setup.php in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 does not provide charset information in HTTP headers, which might allow remote attackers to cond…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9059
|
2024-11-21 11:20 |
2014-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282898
|
- |
|
zteusa
|
zxdsl_831cii
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ZTE ZXDSL 831CII allow remote attackers to hijack the authentication of administrators for requests that disable modem lan ports via the …
|
CWE-352
Origin Validation Error
|
CVE-2014-9027
|
2024-11-21 11:20 |
2014-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282899
|
- |
|
ubercart
|
ubercart
|
The Ubercart module 7.x-3.x before 7.x-3.7 for Drupal does not properly protect the per-user order history view, which allows remote authenticated users with the "view own orders" permission to obtai…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9026
|
2024-11-21 11:20 |
2014-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282900
|
- |
|
commerceguys
|
commerce
|
The default checkout completion rule in the commerce_order module in the Drupal Commerce module 7.x-1.x before 7.x-1.10 for Drupal uses the email address as the username for new accounts created at c…
|
CWE-200
Information Exposure
|
CVE-2014-9025
|
2024-11-21 11:20 |
2014-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
