Cross-site scripting (XSS) vulnerability in admin/manage-images.php in the NextCellent Gallery plugin before 1.19.18 for WordPress allows remote authenticated users with the NextGEN Upload images, NextGEN Manage gallery, or NextGEN Manage others gallery permission to...
Multiple cross-site request forgery (CSRF) vulnerabilities in the web administration console in Fortinet FortiWeb before 5.2.0 allow remote attackers to hijack the authentication of administrators via system/config/adminadd and other unspecified vectors. Date published :...
The directory manager in Caldera 9.20 allows remote attackers to conduct variable-injection attacks in the global scope via (1) the maindir_hotfolder parameter to dirmng/index.php, or an unspecified parameter to (2) PPD/index.php, (3) dirmng/docmd.php, or...
costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request. Date published : 2014-05-08 http://www.securityfocus.com/bid/67252 http://www.kb.cert.org/vuls/id/693092
Multiple SQL injection vulnerabilities in Caldera 9.20 allow remote attackers to execute arbitrary SQL commands via the tr parameter to (1) costview2/jobs.php or (2) costview2/printers.php. Date published : 2014-05-08 http://www.kb.cert.org/vuls/id/693092
Directory traversal vulnerability in dirmng/index.php in Caldera 9.20 allows remote attackers to access arbitrary directories via a crafted pathname. Date published : 2014-05-08 http://www.kb.cert.org/vuls/id/693092
Cross-site scripting (XSS) vulnerability in the SemanticTitle extension before 1.1.0 for MediaWiki allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. Date published : 2014-05-08 http://www.mediawiki.org/wiki/Extension:SemanticTitle#Version_1.1.0
Cross-site scripting (XSS) vulnerability in Offiria 2.1.0 and earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to installer/index.php. Date published : 2014-05-08 http://www.securityfocus.com/bid/66657 http://www.securityfocus.com/archive/1/532048/100/0/threaded
Unspecified vulnerability in HP OneView 1.0 and 1.01 allows remote authenticated users to gain privileges via unknown vectors. Date published : 2014-05-08 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273152 https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emr_na-c04273152
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service...
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service...
Heap-based buffer overflow in Cisco WebEx Recording Format (WRF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of...
Buffer overflow in Cisco Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allows remote attackers to execute arbitrary code or cause a denial of service...
Cisco WebEx Recording Format (WRF) player and Advanced Recording Format (ARF) player T27 LD before SP32 EP16, T28 before T28.12, and T29 before T29.2 allow remote attackers to cause a denial of service (application...