|
286161
|
- |
|
nextendweb
|
nextend_facebook_connect
|
Cross-site scripting (XSS) vulnerability in nextend-facebook-settings.php in the Nextend Facebook Connect plugin before 1.5.1 for WordPress allows remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8800
|
2024-11-21 11:19 |
2014-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286162
|
- |
|
modx
|
modx_revolution
|
MODX Revolution 2.x before 2.2.15 does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers to obtain potentially sensitive informat…
|
CWE-200
Information Exposure
|
CVE-2014-8775
|
2024-11-21 11:19 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286163
|
- |
|
modx
|
modx_revolution
|
Cross-site scripting (XSS) vulnerability in manager/index.php in MODX Revolution 2.x before 2.2.15 allows remote attackers to inject arbitrary web script or HTML via the context_key parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-8774
|
2024-11-21 11:19 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286164
|
- |
|
modx
|
modx_revolution
|
MODX Revolution 2.x before 2.2.15 allows remote attackers to bypass the cross-site request forgery (CSRF) protection mechanism by (1) omitting the CSRF token or via a (2) long string in the CSRF toke…
|
CWE-352
Origin Validation Error
|
CVE-2014-8773
|
2024-11-21 11:19 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286165
|
- |
|
x3cms
|
x3_cms
|
Cross-site scripting (XSS) vulnerability in the search_controller in X3 CMS 0.5.1 and 0.5.1.1 allows remote authenticated users to inject arbitrary web script or HTML via the search parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-8772
|
2024-11-21 11:19 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286166
|
- |
|
x3cms
|
x3_cms
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin area in X3 CMS 0.5.1 and 0.5.1.1 allow remote attackers to hijack the authentication of administrators via unspecified vectors.
|
CWE-352
Origin Validation Error
|
CVE-2014-8771
|
2024-11-21 11:19 |
2014-12-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286167
|
- |
|
kennziffer
|
ke_questionnaire
|
The ke_questionnaire extension 2.5.2 and earlier for TYPO3 uses predictable names for the questionnaire answer forms, which makes it easier for remote attackers to obtain sensitive information via a …
|
CWE-200
Information Exposure
|
CVE-2014-8874
|
2024-11-21 11:19 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286168
|
- |
|
gleamtech
|
filevista
|
GleamTech FileVista before 6.1 allows remote authenticated users to create arbitrary files and possibly execute arbitrary code via a crafted path in a zip archive, which is not properly handled durin…
|
CWE-20
Improper Input Validation
|
CVE-2014-8789
|
2024-11-21 11:19 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286169
|
- |
|
gleamtech
|
filevista
|
GleamTech FileVista before 6.1 allows remote authenticated users to obtain sensitive information via a crafted path when saving a zip file, which reveals the installation path in an error message.
|
CWE-200
Information Exposure
|
CVE-2014-8788
|
2024-11-21 11:19 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286170
|
- |
|
ad-manager_project
|
ad-manager
|
Open redirect vulnerability in track-click.php in the Ad-Manager plugin 1.1.2 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in …
|
NVD-CWE-Other
|
CVE-2014-8754
|
2024-11-21 11:19 |
2014-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
