|
257381
|
- |
|
redhat
|
enterprise_mrg
|
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, does not include the HTTPOnly flag in a Set-Cookie header for the session cookie, which makes it easier for remote attackers…
|
CWE-200
Information Exposure
|
CVE-2014-0174
|
2014-07-12 00:23 |
2014-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257382
|
- |
|
pnp4nagios
|
pnp4nagios
|
Multiple cross-site scripting (XSS) vulnerabilities in PNP4Nagios through 0.6.22 allow remote attackers to inject arbitrary web script or HTML via the URI used for reaching (1) share/pnp/application/…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4908
|
2014-07-11 23:49 |
2014-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257383
|
- |
|
polldaddy_polls_\&_ratings_plugin_project
|
polldaddy_polls_\&_ratings
|
Cross-site scripting (XSS) vulnerability in the Polldaddy Polls & Ratings plugin before 2.0.25 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a ra…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4856
|
2014-07-11 09:49 |
2014-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257384
|
- |
|
polylang_plugin_project
|
polylang
|
Cross-site scripting (XSS) vulnerability in the Polylang plugin before 1.5.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via vectors related to a user description. N…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4855
|
2014-07-11 09:42 |
2014-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257385
|
- |
|
opendocman
|
opendocman
|
Cross-site scripting (XSS) vulnerability in odm-init.php in OpenDocMan before 1.2.7.3 allows remote authenticated users to inject arbitrary web script or HTML via the file name of an uploaded file.
|
CWE-79
Cross-site Scripting
|
CVE-2014-4853
|
2014-07-11 09:10 |
2014-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257386
|
- |
|
thedigitalcraft
|
atomcms
|
SQL injection vulnerability in admin/uploads.php in The Digital Craft AtomCMS, possibly 2.0, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2014-4852
|
2014-07-11 09:08 |
2014-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257387
|
- |
|
wp_appointments_schedules_project
|
wp_appointments_schedules
|
Cross-site scripting (XSS) vulnerability in js/test.php in the Appointments Scheduler plugin 1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the lang …
|
CWE-79
Cross-site Scripting
|
CVE-2014-4579
|
2014-07-11 03:42 |
2014-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257388
|
- |
|
hot_files\
|
file_sharing_and_download_manager_project
|
Cross-site scripting (XSS) vulnerability in tpls/editmedia.php in the Hot Files: File Sharing and Download Manager (wphotfiles) plugin 1.0.0 and earlier for WordPress allows remote attackers to injec…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4588
|
2014-07-11 03:11 |
2014-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257389
|
- |
|
wp_plugin_manager_project
|
wp_plugin_manager
|
Cross-site scripting (XSS) vulnerability in wp-plugins-net/index.php in the WP Plugin Manager (wppm) plugin 1.6.4.b and earlier for WordPress allows remote attackers to inject arbitrary web script or…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4593
|
2014-07-11 02:54 |
2014-07-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257390
|
- |
|
foecms
|
foecms
|
Open redirect vulnerability in msg.php in FoeCMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the r parameter.
|
NVD-CWE-Other
|
CVE-2014-4851
|
2014-07-11 02:54 |
2014-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
