|
286111
|
- |
|
boldgrid
|
w3_total_cache
|
Cross-site scripting (XSS) vulnerability in the W3 Total Cache plugin before 0.9.4.1 for WordPress, when debug mode is enabled, allows remote attackers to inject arbitrary web script or HTML via the …
|
CWE-79
Cross-site Scripting
|
CVE-2014-8724
|
2024-11-21 11:19 |
2014-12-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286112
|
- |
|
ibm
|
websphere_portal
|
Cross-site scripting (XSS) vulnerability in the Blog Portlet in IBM WebSphere Portal 6.1.0 through 6.1.0.6 CF27, 6.1.5 through 6.1.5.3 CF27, 7.0.0 through 7.0.0.2 CF29, 8.0.0 through 8.0.0.1 CF14, an…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8902
|
2024-11-21 11:19 |
2014-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286113
|
- |
|
ibm
|
db2
|
IBM DB2 9.5 through FP10, 9.7 through FP10, 9.8 through FP5, 10.1 through FP4, and 10.5 before FP5 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted XML q…
|
CWE-399
Resource Management Errors
|
CVE-2014-8901
|
2024-11-21 11:19 |
2014-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286114
|
- |
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server Liberty Profile 8.5.x before 8.5.5.4 allows remote attackers to gain privileges by leveraging the combination of a servlet's deployment descriptor security constraint…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8890
|
2024-11-21 11:19 |
2014-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286115
|
- |
|
mantisbt
|
mantisbt
|
The mci_account_get_array_by_id function in api/soap/mc_account_api.php in MantisBT before 1.2.18 allows remote attackers to obtain sensitive information via a (1) mc_project_get_users, (2) mc_issue_…
|
CWE-200
Information Exposure
|
CVE-2014-8553
|
2024-11-21 11:19 |
2014-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286116
|
- |
|
goywp
|
webpress
|
Multiple cross-site scripting (XSS) vulnerabilities in goYWP WebPress 13.00.06 allow remote attackers to inject arbitrary web script or HTML via the (1) search_param parameter to search.php or (2) na…
|
CWE-79
Cross-site Scripting
|
CVE-2014-8751
|
2024-11-21 11:19 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286117
|
- |
|
modwsgi
|
mod_wsgi
|
mod_wsgi before 4.2.4 for Apache, when creating a daemon process group, does not properly handle when group privileges cannot be dropped, which might allow attackers to gain privileges via unspecifie…
|
CWE-254
7PK - Security Features
|
CVE-2014-8583
|
2024-11-21 11:19 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286118
|
- |
|
google
|
android
|
AndroidManifest.xml in Android before 5.0.0 does not require the SEND_SMS permission for the SmsReceiver receiver, which allows attackers to send stored SMS messages, and consequently transmit arbitr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8610
|
2024-11-21 11:19 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286119
|
- |
|
google
|
android
|
The addAccount method in src/com/android/settings/accounts/AddAccountSettings.java in the Settings application in Android before 5.0.0 does not properly create a PendingIntent, which allows attackers…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-8609
|
2024-11-21 11:19 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286120
|
- |
|
google
|
android
|
Multiple SQL injection vulnerabilities in the queryLastApp method in packages/WAPPushManager/src/com/android/smspush/WapPushManager.java in the WAPPushManager module in Android before 5.0.0 allow rem…
|
CWE-89
SQL Injection
|
CVE-2014-8507
|
2024-11-21 11:19 |
2014-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
