257791
|
- |
|
d-coda
|
contactme
|
Cross-site scripting (XSS) vulnerability in xd_resize.php in the Contact Form by ContactMe.com plugin 2.3 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2014-4518
|
2014-07-2 22:32 |
2014-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257792
|
- |
|
bic_media_widget_plugin
|
bic_media_widget
|
Cross-site scripting (XSS) vulnerability in bicm-carousel-preview.php in the BIC Media Widget plugin 1.0 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via t…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4516
|
2014-07-2 22:24 |
2014-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257793
|
- |
|
activehelper
|
activehelper_livehelp_live_chat
|
Multiple cross-site scripting (XSS) vulnerabilities in server/offline.php in the ActiveHelper LiveHelp Live Chat plugin 3.1.0 and earlier for WordPress allow remote attackers to inject arbitrary web …
|
CWE-79
Cross-site Scripting
|
CVE-2014-4513
|
2014-07-2 03:34 |
2014-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257794
|
- |
|
caldera
|
caldera
|
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php.
|
CWE-89
SQL Injection
|
CVE-2014-2934
|
2014-07-2 02:57 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257795
|
- |
|
caldera
|
caldera
|
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname.
|
CWE-22
Path Traversal
|
CVE-2014-2933
|
2014-07-2 02:56 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257796
|
- |
|
plone
|
plone
|
Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7061
|
2014-07-1 07:12 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257797
|
- |
|
piwigo
|
piwigo
|
SQL injection vulnerability in the photo-edit subsystem in Piwigo 2.6.x and 2.7.x before 2.7.0beta2 allows remote authenticated administrators to execute arbitrary SQL commands via the associate[] fi…
|
CWE-89
SQL Injection
|
CVE-2014-4649
|
2014-07-1 07:10 |
2014-06-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257798
|
- |
|
plone
|
plone
|
Products/CMFPlone/FactoryTool.py in Plone 3.3 through 4.3.2 allows remote attackers to obtain the installation path via vectors related to a file object for unspecified documentation which is initial…
|
CWE-200
Information Exposure
|
CVE-2013-7060
|
2014-07-1 07:03 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257799
|
- |
|
livezilla
|
livezilla
|
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) fi…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7003
|
2014-07-1 03:33 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257800
|
- |
|
microp_project
|
microp
|
Stack-based buffer overflow in MicroP 0.1.1.1600 allows remote attackers to execute arbitrary code via a crafted .mppl file. NOTE: it has been reported that the overflow is in the lpFileName paramet…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-5299
|
2014-07-1 03:07 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|