|
285631
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in the preview in the TemplateSandbox extension for MediaWiki allows remote attackers to inject arbitrary web script or HTML via the text parameter to Special…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9479
|
2024-11-21 11:20 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285632
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in the preview in the ExpandTemplates extension for MediaWiki, when $wgRawHTML is set to true, allows remote attackers to inject arbitrary web script or HTML …
|
CWE-79
Cross-site Scripting
|
CVE-2014-9478
|
2024-11-21 11:20 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285633
|
- |
|
mediawiki
|
mediawiki
|
Multiple cross-site scripting (XSS) vulnerabilities in the Listings extension for MediaWiki allow remote attackers to inject arbitrary web script or HTML via the (1) name or (2) url parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-9477
|
2024-11-21 11:20 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285634
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote attackers to bypass CORS restrictions in $wgCrossSiteAJAXdomains via a domain that has a partial match to a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-9476
|
2024-11-21 11:20 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285635
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in thumb.php in MediaWiki before 1.19.23, 1.2x before 1.22.15, 1.23.x before 1.23.8, and 1.24.x before 1.24.1 allows remote authenticated users to inject arbi…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9475
|
2024-11-21 11:20 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285636
|
- |
|
gnu
canonical
|
coreutils
ubuntu_linux
|
The parse_datetime function in GNU coreutils allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted date string, as demonstrated by the "--date=…
|
NVD-CWE-noinfo
|
CVE-2014-9471
|
2024-11-21 11:20 |
2015-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285637
|
- |
|
wpeasycart
|
wp_easycart
|
Unrestricted file upload vulnerability in inc/amfphp/administration/banneruploaderscript.php in the WP EasyCart (aka WordPress Shopping Cart) plugin before 3.0.9 allows remote authenticated users to …
|
NVD-CWE-Other
|
CVE-2014-9308
|
2024-11-21 11:20 |
2015-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285638
|
- |
|
codewrights
|
hart_device_type_manager
|
The CodeWrights HART Device Type Manager (DTM) library in Emerson HART DTM before 1.4.181 allows physically proximate attackers to cause a denial of service (DTM outage and FDT Frame application hang…
|
CWE-399
Resource Management Errors
|
CVE-2014-9191
|
2024-11-21 11:20 |
2015-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285639
|
- |
|
schneider-electric
|
wonderware_intouch_access_anywhere_server
|
Stack-based buffer overflow in Schneider Electric Wonderware InTouch Access Anywhere Server 10.6 and 11.0 allows remote attackers to execute arbitrary code via a request for a filename that does not …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-9190
|
2024-11-21 11:20 |
2015-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285640
|
- |
|
debian
mantisbt
|
debian_linux
mantisbt
|
The string_insert_href function in MantisBT 1.2.0a1 through 1.2.x before 1.2.18 does not properly validate the URL protocol, which allows remote attackers to conduct cross-site scripting (XSS) attack…
|
CWE-79
Cross-site Scripting
|
CVE-2014-9272
|
2024-11-21 11:20 |
2015-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
