|
257861
|
- |
|
horde
|
groupware
internet_mail_program
|
Multiple cross-site scripting (XSS) vulnerabilities in Horde Internet Mail Program (IMP) before 6.1.8, as used in Horde Groupware Webmail Edition before 5.1.5, allow remote attackers to inject arbitr…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4945
|
2014-07-15 03:25 |
2014-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257862
|
- |
|
cross-rss_plugin_project
|
wp-cross-rss
|
Absolute path traversal vulnerability in Cross-RSS (wp-cross-rss) plugin 1.7 for WordPress allows remote attackers to read arbitrary files via a full pathname in the rss parameter to proxy.php.
|
CWE-22
Path Traversal
|
CVE-2014-4941
|
2014-07-15 03:20 |
2014-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257863
|
- |
|
bannersky
|
bsk_pdf_manager
|
Multiple SQL injection vulnerabilities in inc/bsk-pdf-dashboard.php in the BSK PDF Manager plugin 1.3.2 for WordPress allow remote authenticated users to execute arbitrary SQL commands via the (1) ca…
|
CWE-89
SQL Injection
|
CVE-2014-4944
|
2014-07-15 03:15 |
2014-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257864
|
- |
|
levelfourdevelopment
|
wp-easycart
|
The EasyCart (wp-easycart) plugin before 2.0.6 for WordPress allows remote attackers to obtain configuration information via a direct request to inc/admin/phpinfo.php, which calls the phpinfo functio…
|
CWE-200
Information Exposure
|
CVE-2014-4942
|
2014-07-15 03:12 |
2014-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257865
|
- |
|
arubanetworks
|
clearpass
|
SQL injection vulnerability in the Policy Manager in Aruba Networks ClearPass 5.x, 6.0.x, 6.1.x through 6.1.4.61696, 6.2.x through 6.2.6.62196, and 6.3.x before 6.3.4 allows remote authenticated user…
|
CWE-89
SQL Injection
|
CVE-2014-4013
|
2014-07-15 03:08 |
2014-07-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257866
|
- |
|
wp_rss_poster_plugin_project
|
wp-rss-poster
|
SQL injection vulnerability in the WP Rss Poster (wp-rss-poster) plugin 1.0.0 for WordPress allows remote attackers to execute arbitrary SQL commands via the id parameter in the wrp-add-new page to w…
|
CWE-89
SQL Injection
|
CVE-2014-4938
|
2014-07-15 02:42 |
2014-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257867
|
- |
|
dahuasecurity
|
dvr_firmware
|
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perfo…
|
CWE-287
Improper Authentication
|
CVE-2013-6117
|
2014-07-14 22:33 |
2014-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257868
|
- |
|
envialosimple
|
email_marketing_y_newsletters
|
Multiple cross-site scripting (XSS) vulnerabilities in paginas/vista-previa-form.php in the EnvialoSimple: Email Marketing and Newsletters (envialosimple-email-marketing-y-newsletters-gratis) plugin …
|
CWE-79
Cross-site Scripting
|
CVE-2014-4527
|
2014-07-12 02:59 |
2014-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257869
|
- |
|
silex
|
sx-2000wg_firmware
|
silex SX-2000WG devices with firmware before 1.5.4 allow remote attackers to cause a denial of service (connectivity outage) via crafted data in the Options field of a TCP header, a different vulnera…
|
CWE-20
Improper Input Validation
|
CVE-2014-3889
|
2014-07-12 02:58 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257870
|
- |
|
garagesale_project
|
garagesale
|
Cross-site scripting (XSS) vulnerability in templates/printAdminUsersList_Footer.tpl.php in the GarageSale plugin before 1.2.3 for WordPress allows remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2014-4532
|
2014-07-12 02:58 |
2014-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
