|
284981
|
- |
|
d-link
|
dir-655_firmware
dir-655
|
Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_respon…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9518
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284982
|
- |
|
dlink
|
dcs-2103_firmware
|
Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9517
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284983
|
- |
|
social_microblogging_pro_project
|
social_microblogging_pro
|
Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web Site"…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9516
|
2024-11-21 11:21 |
2015-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284984
|
- |
|
typo3
|
typo3
|
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers …
|
CWE-20
Improper Input Validation
|
CVE-2014-9509
|
2024-11-21 11:21 |
2015-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284985
|
- |
|
typo3
|
typo3
|
The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only …
|
CWE-59
Link Following
|
CVE-2014-9508
|
2024-11-21 11:21 |
2015-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284986
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9507
|
2024-11-21 11:21 |
2015-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284987
|
- |
|
mantisbt
|
mantisbt
|
MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain s…
|
CWE-200
Information Exposure
|
CVE-2014-9506
|
2024-11-21 11:21 |
2015-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284988
|
9.8 |
CRITICAL
Network
|
sap
|
businessobjects_edge
|
SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note …
|
CWE-287
Improper Authentication
|
CVE-2014-9320
|
2024-11-21 11:20 |
2021-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284989
|
9.8 |
CRITICAL
Network
|
git-scm
mercurial
apple
eclipse
libgit2
|
git
mercurial
xcode
egit
libgit2
jgit
|
Git before 1.8.5.6, 1.9.x before 1.9.5, 2.0.x before 2.0.5, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 on Windows and OS X; Mercurial before 3.2.3 on Windows and OS X; Apple Xcode before 6.2 beta 3; …
|
CWE-20
Improper Input Validation
|
CVE-2014-9390
|
2024-11-21 11:20 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284990
|
6.1 |
MEDIUM
Network
|
fork-cms
|
fork_cms
|
Cross-site scripting (XSS) vulnerability in the loadForm function in Frontend/Modules/Search/Actions/Index.php in Fork CMS before 3.8.4 allows remote attackers to inject arbitrary web script or HTML …
|
CWE-79
Cross-site Scripting
|
CVE-2014-9470
|
2024-11-21 11:20 |
2020-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
