Lista CVE - 2015 / Gennaio
Visualizzazione 1 - 100 di 713 CVE per Gennaio 2015 (Pagina 1 di 8)
| ID CVE | Data | Titolo |
|---|---|---|
| CVE-2011-5286 | 2015-01-01 | SQL injection vulnerability in social-slider-2/ajax.php in the Social Slider plugin before 7.4.2 for WordPress allows remote attackers to execute arbitrary SQL commands via the rA array parameter. |
| CVE-2011-5287 | 2015-01-01 | Multiple cross-site scripting (XSS) vulnerabilities in HESK before 2.4.1 allow remote attackers to inject arbitrary web script or HTML via the (1) hesk_settings[tmp_title] or (2) hesklang[ENCODING] parameter to inc/header.inc.php; the... |
| CVE-2011-5288 | 2015-01-01 | Multiple buffer overflows in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allow remote attackers to execute arbitrary code via a long argument to the (1) cmdExport, (2)... |
| CVE-2011-5289 | 2015-01-01 | The SaveDecrypted method in the ChilkatCrypt2.ChilkatOmaDrm.1 ActiveX control in ChilkatCrypt2.dll in aTube Catcher 2.3.570 allows remote attackers to write to arbitrary files via a pathname in the argument. |
| CVE-2011-5290 | 2015-01-01 | The SaveToFile method in the UniBasicPack.UniTextBox ActiveX control in UniBasic100_EDA1811C.ocx in IDrive Online Backup 3.4.0 allows remote attackers to write to arbitrary files via a pathname in the first argument. |
| CVE-2011-5291 | 2015-01-01 | The SaveData method in the Cygnicon.ViewControl.1 ActiveX control in CyViewer.ocx in Ashampoo 3D CAD Professional 3.x before 3.0.2 allows remote attackers to write to arbitrary files via a pathname in... |
| CVE-2011-5292 | 2015-01-01 | The EaseWeFtp.FtpLibrary ActiveX control in EaseWeFtp.ocx in Easewe FTP OCX 4.5.0.9 does not restrict access to certain methods, which allows remote attackers to execute arbitrary files via a pathname in... |
| CVE-2011-5293 | 2015-01-01 | The cmdSave method in the ThreeDify.ThreeDifyDesigner.1 ActiveX control in ActiveSolid.dll in ThreeDify Designer 5.0.2 allows remote attackers to write to arbitrary files via a pathname in the argument. |
| CVE-2011-5294 | 2015-01-01 | The SaveMessage method in the LEADeMail.LEADSmtp.20 ActiveX control in LTCML14n.dll 14.0.0.34 in Kofax e-Transactions Sender Sendbox 2.5.0.933 allows remote attackers to write to arbitrary files via a pathname in the... |
| CVE-2011-5295 | 2015-01-01 | Buffer overflow in the Download method in a certain ActiveX control in MDIEEx.dll in Gogago YouTube Video Converter 1.1.6 allows remote attackers to execute arbitrary code via a long argument. |
| CVE-2011-5296 | 2015-01-01 | Cross-site scripting (XSS) vulnerability in profilo.php in Happy Chat 1.0 allows remote attackers to inject arbitrary web script or HTML via the nick parameter. |
| CVE-2011-5297 | 2015-01-01 | Multiple cross-site scripting (XSS) vulnerabilities in TTChat 1.0.4 allow remote attackers to inject arbitrary web script or HTML via (1) the msg parameter to default.php or (2) the username parameter... |
| CVE-2011-5298 | 2015-01-01 | Multiple cross-site request forgery (CSRF) vulnerabilities in Argyle Social 2011-04-26 allow remote attackers to hijack the authentication of administrators for requests that (1) modify credentials via the role parameter to... |
| CVE-2011-5299 | 2015-01-01 | Multiple cross-site scripting (XSS) vulnerabilities in poMMo Aardvark PR16.1 allow remote attackers to inject arbitrary web script or HTML via (1) the referer parameter to index.php, (2) the site_name parameter... |
| CVE-2011-5300 | 2015-01-01 | Cross-site request forgery (CSRF) vulnerability in admin/setup/config/users.php in poMMo Aardvark PR16.1 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via certain admin_ parameters. |
| CVE-2011-5301 | 2015-01-01 | Multiple cross-site scripting (XSS) vulnerabilities in PHPDug 2.0.0 allow remote attackers to inject arbitrary web script or HTML via (1) the story_url parameter to add_story.php, (2) the email parameter to... |
| CVE-2011-5302 | 2015-01-01 | Cross-site request forgery (CSRF) vulnerability in adm/admin_edit.php in PHPDug 2.0.0 allows remote attackers to hijack the authentication of administrators for requests that modify credentials. |
| CVE-2011-5303 | 2015-01-01 | Cross-site scripting (XSS) vulnerability in Spitfire CMS 1.0.436 allows remote attackers to inject arbitrary web script or HTML via a cms_username cookie. |
| CVE-2011-5304 | 2015-01-01 | Multiple cross-site scripting (XSS) vulnerabilities in the Sodahead Polls plugin before 2.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via (1) the poll_id parameter to... |
| CVE-2011-5305 | 2015-01-01 | Multiple cross-site scripting (XSS) vulnerabilities in CosmoShop ePRO 10.05.00 allow remote attackers to inject arbitrary web script or HTML via (1) the rcopy parameter to cgi-bin/admin/rubrikadmin.cgi, (2) the typ parameter... |
| CVE-2011-5306 | 2015-01-01 | Cross-site request forgery (CSRF) vulnerability in cgi-bin/admin/setup_edit.cgi in CosmoShop ePRO 10.05.00 allows remote attackers to hijack the authentication of administrators for requests that modify settings via a setup action. |
| CVE-2011-5307 | 2015-01-01 | Cross-site scripting (XSS) vulnerability in index.php in the PhotoSmash plugin 1.0.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the action parameter. |
| CVE-2011-5308 | 2015-01-01 | Multiple SQL injection vulnerabilities in cdnvote-post.php in the cdnvote plugin before 0.4.2 for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) cdnvote_post_id or (2) cdnvote_point parameter. |
| CVE-2011-5309 | 2015-01-01 | Cross-site scripting (XSS) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to inject arbitrary web script or HTML via the id parameter. |
| CVE-2011-5310 | 2015-01-01 | Directory traversal vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to read arbitrary files via a .. (dot dot) in the id parameter. |
| CVE-2011-5311 | 2015-01-01 | Cross-site request forgery (CSRF) vulnerability in pages.php in Wikipad 1.6.0 allows remote attackers to hijack the authentication of administrators for requests that modify pages via the data[text] parameter. |
| CVE-2011-5312 | 2015-01-01 | Multiple cross-site scripting (XSS) vulnerabilities in Gollos 2.8 allow remote attackers to inject arbitrary web script or HTML via the returnurl parameter to (1) register.aspx, (2) publication/info.aspx, or (3) user/add.aspx,... |
| CVE-2011-5313 | 2015-01-01 | Multiple SQL injection vulnerabilities in includes/password.php in Redaxscript 0.3.2 allow remote attackers to execute arbitrary SQL commands via the (1) id or (2) password parameter to the password_reset program. |
| CVE-2011-5314 | 2015-01-01 | templates/default/index.php in Redaxscript 0.3.2 allows remote attackers to obtain sensitive information via a direct request, which reveals the full path in an error message. |
| CVE-2011-5315 | 2015-01-01 | Cross-site request forgery (CSRF) vulnerability in admin/index.php in whCMS 0.115 alpha allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save action. |
| CVE-2011-5316 | 2015-01-01 | Cross-site request forgery (CSRF) vulnerability in admin/index.php in Cambio 0.5a nightly r37 allows remote attackers to hijack the authentication of administrators for requests that modify credentials via a user save... |
| CVE-2011-5317 | 2015-01-01 | Cross-site scripting (XSS) vulnerability in editText.php in WonderCMS before 0.4 allows remote attackers to inject arbitrary web script or HTML via the content parameter. |
| CVE-2011-5318 | 2015-01-01 | Multiple cross-site request forgery (CSRF) vulnerabilities in diafan.CMS before 5.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify articles via a save_post action to... |
| CVE-2013-7417 | 2015-01-02 | Cross-site scripting (XSS) vulnerability in cgi-bin/ipinfo.cgi in IPCop (aka IPCop Firewall) before 2.1.3 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING. NOTE: this can be... |
| CVE-2014-9436 | 2015-01-02 | Absolute path traversal vulnerability in SysAid On-Premise before 14.4.2 allows remote attackers to read arbitrary files via a \\\\ (four backslashes) in the fileName parameter to getRdsLogFile. |
| CVE-2014-9437 | 2015-01-02 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Sliding Social Icons plugin 1.61 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin... |
| CVE-2014-9438 | 2015-01-02 | Cross-site request forgery (CSRF) vulnerability in the Moderator Control Panel in vBulletin 4.2.2 allows remote attackers to hijack the authentication of administrators for requests that (1) ban a user via... |
| CVE-2014-9439 | 2015-01-02 | Cross-site scripting (XSS) vulnerability in Easy File Sharing Web Server 6.8 allows remote attackers to inject arbitrary web script or HTML via the username field during registration, which is not... |
| CVE-2014-9440 | 2015-01-02 | SQL injection vulnerability in browse.php in phpMyRecipes 1.2.2 allows remote attackers to execute arbitrary SQL commands via the category parameter. |
| CVE-2014-9441 | 2015-01-02 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Lightbox Photo Gallery plugin 1.0 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin... |
| CVE-2014-9434 | 2015-01-02 | Cross-site scripting (XSS) vulnerability in admin/managerrelated.php in the administrative backend in Absolut Engine 1.73 allows remote authenticated users to inject arbitrary web script or HTML via the title parameter. |
| CVE-2014-9435 | 2015-01-02 | Multiple SQL injection vulnerabilities in Absolut Engine 1.73 allow remote authenticated users to execute arbitrary SQL commands via the (1) sectionID parameter to admin/managersection.php, (2) userID parameter to admin/edituser.php, (3)... |
| CVE-2014-9442 | 2015-01-02 | SQL injection vulnerability in models/Cart66Ajax.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to execute arbitrary SQL commands via the q parameter in a promotionProductSearch... |
| CVE-2014-9443 | 2015-01-02 | Cross-site scripting (XSS) vulnerability in the Relevanssi plugin before 3.3.8 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-7293 | 2015-01-02 | Cross-site scripting (XSS) vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to inject arbitrary web script... |
| CVE-2014-7294 | 2015-01-02 | Open redirect vulnerability in the logon page in NYU OpenSSO Integration 2.1 and earlier for Ex Libris Patron Directory Services (PDS) allows remote attackers to redirect users to arbitrary web... |
| CVE-2014-9445 | 2015-01-02 | SQL injection vulnerability in incl/create.inc.php in Installatron GQ File Manager 0.2.5 allows remote attackers to execute arbitrary SQL commands via the create parameter to index.php. NOTE: this can be leveraged... |
| CVE-2014-9447 | 2015-01-02 | Directory traversal vulnerability in the read_long_names function in libelf/elf_begin.c in elfutils 0.152 and 0.161 allows remote attackers to write to arbitrary files to the root directory via a / (slash)... |
| CVE-2014-9449 | 2015-01-02 | Buffer overflow in the RiffVideo::infoTagsHandler function in riffvideo.cpp in Exiv2 0.24 allows remote attackers to cause a denial of service (crash) via a long IKEY INFO tag value in an... |
| CVE-2014-9451 | 2015-01-02 | Multiple stack-based buffer overflows in the DIVA web service API (/webservice) in VDG Security SENSE (formerly DIVA) 2.3.13 allow remote attackers to execute arbitrary code via the (1) user or... |
| CVE-2014-9452 | 2015-01-02 | Directory traversal vulnerability in VDG Security SENSE (formerly DIVA) 2.3.13 allows remote attackers to read arbitrary files via a .. (dot dot) in the default URI to images/. |
| CVE-2014-9453 | 2015-01-02 | Multiple cross-site scripting (XSS) vulnerabilities in simple-visitor-stat.php in the Simple visitor stat plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP User-Agent... |
| CVE-2014-9454 | 2015-01-02 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Simple Sticky Footer plugin before 1.3.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change... |
| CVE-2014-9456 | 2015-01-02 | Buffer overflow in NotePad++ 6.6.9 allows remote attackers to have unspecified impact via a long Time attribute in an Event element in an XML file. NOTE: this issue was originally... |
| CVE-2014-9458 | 2015-01-02 | Heap-based buffer overflow in the GDB debugger module in Hex-Rays IDA Pro before 6.6 cumulative fix 2014-12-24 allows remote GDB servers to have unspecified impact via unknown vectors. |
| CVE-2014-9459 | 2015-01-02 | Cross-site request forgery (CSRF) vulnerability in the AdminObserver function in e107_admin/users.php in e107 2.0 alpha2 allows remote attackers to hijack the authentication of administrators for requests that add users to... |
| CVE-2014-9460 | 2015-01-02 | Multiple cross-site request forgery (CSRF) vulnerabilities in the WP-ViperGB plugin before 1.3.11 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings... |
| CVE-2014-9444 | 2015-01-02 | Cross-site scripting (XSS) vulnerability in the Frontend Uploader plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the errors[fu-disallowed-mime-type][0][name] parameter to the default URI. |
| CVE-2014-9446 | 2015-01-02 | Multiple cross-site scripting (XSS) vulnerabilities in the Staff client in Koha before 3.16.6 and 3.18.x before 3.18.2 allow remote attackers to inject arbitrary web script or HTML via the sort_by... |
| CVE-2014-9448 | 2015-01-02 | Buffer overflow in Mini-stream RM-MP3 Converter 3.1.2.1.2010.03.30 allows remote attackers to execute arbitrary code or cause a denial of service (crash) via a long string in a WAX file. |
| CVE-2014-9450 | 2015-01-02 | Multiple SQL injection vulnerabilities in chart_bar.php in the frontend in Zabbix before 1.8.22, 2.0.x before 2.0.14, and 2.2.x before 2.2.8 allow remote attackers to execute arbitrary SQL commands via the... |
| CVE-2014-9455 | 2015-01-02 | SQL injection vulnerability in showads.php in CTS Projects & Software ClassAd 3.0 allows remote attackers to execute arbitrary SQL commands via the catid parameter. |
| CVE-2014-9457 | 2015-01-02 | SQL injection vulnerability in classes/mono_display.class.php in PMB 4.1.3 and earlier allows remote authenticated users to execute arbitrary SQL commands via the id parameter to catalog.php. |
| CVE-2014-9428 | 2015-01-02 | The batadv_frag_merge_packets function in net/batman-adv/fragmentation.c in the B.A.T.M.A.N. implementation in the Linux kernel through 3.18.1 uses an incorrect length field during a calculation of an amount of memory, which allows... |
| CVE-2013-7418 | 2015-01-02 | cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be exploited remotely by... |
| CVE-2014-9461 | 2015-01-02 | Directory traversal vulnerability in models/Cart66.php in the Cart66 Lite plugin before 1.5.4 for WordPress allows remote authenticated users to read arbitrary files via a .. (dot dot) in the member_download... |
| CVE-2014-9427 | 2015-01-03 | sapi/cgi/cgi_main.c in the CGI component in PHP through 5.4.36, 5.5.x through 5.5.20, and 5.6.x through 5.6.4, when mmap is used to read a .php file, does not properly consider the... |
| CVE-2010-5314 | 2015-01-03 | Cross-site scripting (XSS) vulnerability in controllers/home_controller.php in BEdita before 3.1 allows remote attackers to inject arbitrary web script or HTML via the searchstring parameter to news/index. |
| CVE-2010-5315 | 2015-01-03 | Multiple cross-site request forgery (CSRF) vulnerabilities in BEdita before 3.1 allow remote attackers to hijack the authentication of administrators for requests that (1) create categories via a data array to... |
| CVE-2010-5316 | 2015-01-03 | Cross-site scripting (XSS) vulnerability in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to inject arbitrary web script or HTML via a top_height cookie. |
| CVE-2010-5317 | 2015-01-03 | Multiple SQL injection vulnerabilities in index.php in SweetRice CMS before 0.6.7.1 allow remote attackers to execute arbitrary SQL commands via (1) the file_name parameter in an attachment action, (2) the... |
| CVE-2010-5318 | 2015-01-03 | The password-reset feature in as/index.php in SweetRice CMS before 0.6.7.1 allows remote attackers to modify the administrator's password by specifying the administrator's e-mail address in the email parameter. |
| CVE-2010-5319 | 2015-01-03 | Multiple cross-site request forgery (CSRF) vulnerabilities in Kandidat CMS 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a validate action to... |
| CVE-2010-5320 | 2015-01-03 | Multiple cross-site request forgery (CSRF) vulnerabilities in MemHT Portal 4.0.1 allow remote attackers to hijack the authentication of administrators for requests that (1) modify settings via a configuration action to... |
| CVE-2014-9464 | 2015-01-03 | SQL injection vulnerability in Category.php in Microweber CMS 0.95 before 20141209 allows remote attackers to execute arbitrary SQL commands via the category parameter when displaying a category, related to the... |
| CVE-2013-2131 | 2015-01-04 | Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the... |
| CVE-2014-9276 | 2015-01-04 | Cross-site request forgery (CSRF) vulnerability in the Special:ExpandedTemplates page in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgRawHTML is set to true, allows remote... |
| CVE-2014-9277 | 2015-01-04 | The wfMangleFlashPolicy function in OutputHandler.php in MediaWiki before 1.19.22, 1.20.x through 1.22.x before 1.22.14, and 1.23.x before 1.23.7 allows remote attackers to conduct PHP object injection attacks via a crafted... |
| CVE-2014-9506 | 2015-01-04 | MantisBT before 1.2.18 does not properly check permissions when sending an email that indicates when a monitored issue is related to another issue, which allows remote authenticated users to obtain... |
| CVE-2014-9507 | 2015-01-04 | MediaWiki 1.21.x, 1.22.x before 1.22.14, and 1.23.x before 1.23.7, when $wgContentHandlerUseDB is enabled, allows remote attackers to conduct cross-site scripting (XSS) attacks by setting the content model for a revision... |
| CVE-2014-9508 | 2015-01-04 | The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set and using a homepage with links that only... |
| CVE-2014-9509 | 2015-01-04 | The frontend rendering component in TYPO3 4.5.x before 4.5.39, 4.6.x through 6.2.x before 6.2.9, and 7.x before 7.0.2, when config.prefixLocalAnchors is set to all or cached, allows remote attackers to... |
| CVE-2014-1679 | 2015-01-05 | Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite before 7.2.2-rev31, 7.4.0 before 7.4.0-rev27, and 7.4.1 before 7.4.1-rev17 allows remote attackers to inject arbitrary web script or HTML via the header... |
| CVE-2014-2598 | 2015-01-05 | Cross-site request forgery (CSRF) vulnerability in the Quick Page/Post Redirect plugin before 5.0.5 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting... |
| CVE-2014-8083 | 2015-01-05 | SQL injection vulnerability in the Search::setJsonAlert method in OSClass before 3.4.3 allows remote attackers to execute arbitrary SQL commands via the alert parameter in a search alert subscription action. |
| CVE-2014-8084 | 2015-01-05 | Directory traversal vulnerability in oc-includes/osclass/controller/ajax.php in OSClass before 3.4.3 allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the ajaxfile parameter in a... |
| CVE-2014-8085 | 2015-01-05 | Unrestricted file upload vulnerability in the CWebContact::doModel method in oc-includes/osclass/controller/contact.php in OSClass before 3.4.3 allows remote attackers to execute arbitrary PHP code by uploading a file with a PHP extension,... |
| CVE-2014-9389 | 2015-01-05 | Directory traversal vulnerability in Sonatype Nexus OSS and Pro before 2.11.1-01 allows remote attackers to read or write to arbitrary files via unspecified vectors. |
| CVE-2014-9517 | 2015-01-05 | Cross-site scripting (XSS) vulnerability in D-link IP camera DCS-2103 with firmware before 1.20 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to vb.htm. |
| CVE-2014-9522 | 2015-01-05 | Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or... |
| CVE-2014-9525 | 2015-01-05 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin... |
| CVE-2014-9516 | 2015-01-05 | Cross-site scripting (XSS) vulnerability in Social Microblogging PRO 1.5 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the default URI, related to the "Web... |
| CVE-2014-9518 | 2015-01-05 | Cross-site scripting (XSS) vulnerability in login.cgi in D-Link router DIR-655 (rev Bx) with firmware before 2.12b01 allows remote attackers to inject arbitrary web script or HTML via the html_response_page parameter. |
| CVE-2014-9519 | 2015-01-05 | SQL injection vulnerability in login.php in InfiniteWP Admin Panel before 2.4.3 allows remote attackers to execute arbitrary SQL commands via the email parameter. |
| CVE-2014-9520 | 2015-01-05 | SQL injection vulnerability in execute.php in InfiniteWP Admin Panel before 2.4.4 allows remote attackers to execute arbitrary SQL commands via the historyID parameter. |
| CVE-2014-9521 | 2015-01-05 | Unrestricted file upload vulnerability in uploadScript.php in InfiniteWP Admin Panel before 2.4.4, when the allWPFiles query parameter is set, allows remote attackers to execute arbitrary code by uploading a file... |
| CVE-2014-9523 | 2015-01-05 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1)... |
| CVE-2014-9524 | 2015-01-05 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1)... |
| CVE-2014-9526 | 2015-01-05 | Multiple cross-site scripting (XSS) vulnerabilities in concrete5 5.7.2.1, 5.7.2, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) gName parameter in single_pages/dashboard/users/groups/bulkupdate.php or (2)... |
| CVE-2014-3628 | 2015-01-06 | Cross-site scripting (XSS) vulnerability in the Admin UI Plugin / Stats page in Apache Solr 4.x before 4.10.3 allows remote attackers to inject arbitrary web script or HTML via the... |