258161
|
- |
|
semantictitle_project
|
semantictitle
|
Cross-site scripting (XSS) vulnerability in the SemanticTitle extension before 1.1.0 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-2854
|
2014-05-10 02:49 |
2014-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258162
|
- |
|
bradesco_gateway_plugin_project
|
bradesco_gateway
|
Cross-site scripting (XSS) vulnerability in falha.php in the Bradesco Gateway plugin 2.0 for Wordpress, as used in the WP e-Commerce plugin, allows remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2013-5916
|
2014-05-10 02:42 |
2014-05-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258163
|
- |
|
sks_keyserver_project
|
sks_keyserver
|
Cross-site scripting (XSS) vulnerability in wserver.ml in SKS Keyserver before 1.1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to pks/lookup/undefined1.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3207
|
2014-05-10 02:37 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258164
|
- |
|
wpgetready
|
nextcellent_gallery
|
Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, Ne…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3123
|
2014-05-10 02:29 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258165
|
- |
|
zabbix fedoraproject
|
zabbix fedora
|
The Frontend in Zabbix before 1.8.20rc2, 2.0.x before 2.0.11rc2, and 2.2.x before 2.2.2rc1 allows remote "Zabbix Admin" users to modify the media of arbitrary users via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2014-1685
|
2014-05-10 01:46 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258166
|
- |
|
zabbix fedoraproject
|
zabbix fedora
|
The API in Zabbix before 1.8.20rc1, 2.0.x before 2.0.11rc1, and 2.2.x before 2.2.2rc1 allows remote authenticated users to spoof arbitrary users via the user name in a user.login request.
|
CWE-287
Improper Authentication
|
CVE-2014-1682
|
2014-05-10 01:41 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258167
|
- |
|
theforeman
|
kafo
|
Kafo before 0.3.17 and 0.4.x before 0.5.2, as used by Foreman, uses world-readable permissions for default_values.yaml, which allows local users to obtain passwords and other sensitive information by…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0135
|
2014-05-10 01:12 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258168
|
- |
|
dest-unreach
|
socat
|
socat 1.2.0.0 before 1.7.2.2 and 2.0.0-b1 before 2.0.0-b6, when used for a listen type address and the fork option is enabled, allows remote attackers to cause a denial of service (file descriptor co…
|
NVD-CWE-noinfo
|
CVE-2013-3571
|
2014-05-9 23:00 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258169
|
- |
|
oracle
|
peoplesoft_products
|
Unspecified vulnerability in the PeopleSoft Enterprise PT PeopleTools component in Oracle PeopleSoft Products 8.52 and 8.53 allows remote attackers to affect integrity via vectors related to PIA Core…
|
NVD-CWE-noinfo
|
CVE-2014-2443
|
2014-05-9 21:03 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258170
|
- |
|
theforeman
|
foreman
|
The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands.
|
CWE-94
Code Injection
|
CVE-2013-0210
|
2014-05-9 00:29 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|