Multiple cross-site scripting (XSS) vulnerabilities in Webmin before 1.690 and Usermin before 1.600 allow remote attackers to inject arbitrary web script or HTML via vectors related to popup windows.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.29%
Published
2014-05-30
Updated
2014-07-17
Multiple cross-site scripting (XSS) vulnerabilities in the Digital Zoom Studio (DZS) Video Gallery plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the logoLink parameter to (1) preview.swf, (2) preview_skin_rouge.swf, (3) preview_allchars.swf, or (4) preview_skin_overlay.swf in deploy/.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.22%
Published
2014-05-30
Updated
2014-06-25
Cross-site scripting (XSS) vulnerability in Trend Micro InterScan Messaging Security Virtual Appliance 8.5.1.1516 allows remote authenticated users to inject arbitrary web script or HTML via the addWhiteListDomainStr parameter to addWhiteListDomain.imss.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.23%
Published
2014-05-30
Updated
2016-09-06
Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.22%
Published
2014-05-30
Updated
2014-06-24
Multiple SQL injection vulnerabilities in the administration login page in D-Link DAP-1350 (Rev. A1) with firmware 1.14 and earlier allow remote attackers to execute arbitrary SQL commands via the (1) username or (2) password.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.21%
Published
2014-05-27
Updated
2023-04-26
Multiple SQL injection vulnerabilities in register.php in Geodesic Solutions GeoCore MAX 7.3.3 (formerly GeoClassifieds and GeoAuctions) allow remote attackers to execute arbitrary SQL commands via the (1) c[password] or (2) c[username] parameter. NOTE: the b parameter to index.php vector is already covered by CVE-2006-3823.
Source: MITRE
Max CVSS
7.5
EPSS Score
0.93%
Published
2014-05-27
Updated
2015-09-29
Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd action to OSBiB/create/index.php.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.22%
Published
2014-05-27
Updated
2014-05-28
The Meeting Server in IBM Sametime 8.x through 8.5.2.1 and 9.x through 9.0.0.1 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie, a different vulnerability than CVE-2013-3984.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.29%
Published
2014-05-26
Updated
2017-08-29
Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that change the (1) administrative password via the passwordc parameter or (2) administrative e-mail address via the email parameter.
Source: MITRE
Max CVSS
6.8
EPSS Score
0.32%
Published
2014-05-26
Updated
2014-05-29
Multiple directory traversal vulnerabilities in dpkg-source in dpkg-dev 1.3.0 allow remote attackers to modify files outside of the intended directories via a source package with a crafted Index: pseudo-header in conjunction with (1) missing --- and +++ header lines or (2) a +++ header line with a blank pathname.
Source: MITRE
Max CVSS
6.4
EPSS Score
15.91%
Published
2014-05-30
Updated
2017-12-29
Directory traversal vulnerability in dpkg-source in dpkg-dev 1.3.0 allows remote attackers to modify files outside of the intended directories via a crafted source package that lacks a --- header line.
Source: MITRE
Max CVSS
6.4
EPSS Score
0.85%
Published
2014-05-30
Updated
2017-12-29
The iMember360 plugin 3.8.012 through 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to delete arbitrary users via a request containing a user name in the Email parameter and the API key in the i4w_clearuser parameter.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.65%
Published
2014-05-23
Updated
2014-05-27
The iMember360 plugin before 3.9.001 for WordPress does not properly restrict access, which allows remote attackers to obtain database credentials via the i4w_dbinfo parameter.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.63%
Published
2014-05-23
Updated
2014-05-27
Cross-site scripting (XSS) vulnerability in Flying Cart allows remote attackers to inject arbitrary web script or HTML via the p parameter to index.php.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.22%
Published
2014-05-22
Updated
2014-06-25
Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that change plugin settings via unknown vectors. NOTE: some of these details are obtained from third party information.
Source: MITRE
Max CVSS
6.8
EPSS Score
0.08%
Published
2014-05-22
Updated
2014-06-27
The TinyMCE Color Picker plugin before 1.2 for WordPress does not properly check permissions, which allows remote attackers to modify plugin settings via unspecified vectors. NOTE: some of these details are obtained from third party information.
Source: MITRE
Max CVSS
5.0
EPSS Score
0.22%
Published
2014-05-22
Updated
2014-06-27
Cross-site request forgery (CSRF) vulnerability in the Search Everything plugin before 8.1.1 for WordPress allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
Source: MITRE
Max CVSS
6.8
EPSS Score
0.08%
Published
2014-05-22
Updated
2014-06-27
Multiple cross-site scripting (XSS) vulnerabilities in the iMember360 plugin 3.8.012 through 3.9.001 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) decrypt or (2) encrypt parameter.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.26%
Published
2014-05-22
Updated
2014-06-27
Cross-site scripting (XSS) vulnerability in the Contact Bank plugin before 2.0.20 for WordPress allows remote attackers to inject arbitrary web script or HTML via the Label field, related to form layout configuration. NOTE: some of these details are obtained from third party information.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.15%
Published
2014-05-22
Updated
2014-06-27
Multiple cross-site scripting (XSS) vulnerabilities in apps/common/templates/calculate_form_title.html in Mayan EDMS 0.13 allow remote authenticated users to inject arbitrary web script or HTML via a (1) tag or the (2) title of a source in a Staging folder, (3) Name field in a bootstrap setup, or Title field in a (4) smart link or (5) web form.
Source: MITRE
Max CVSS
3.5
EPSS Score
0.36%
Published
2014-05-27
Updated
2014-06-18
Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive before 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) role parameter to roles.lsp, (2) name parameter to user.lsp, (3) path parameter to wizard/setuser.lsp, (4) host parameter to tunnelconstr.lsp, or (5) newpath parameter to wfsconstr.lsp in rtl/protected/admin/.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.21%
Published
2014-05-21
Updated
2021-05-26
Multiple cross-site scripting (XSS) vulnerabilities in BarracudaDrive 6.7.2 allow remote attackers to inject arbitrary web script or HTML via the (1) blog, (2) bloggeruser, or (3) bloggerpasswd parameter to private/manage/.
Source: MITRE
Max CVSS
4.3
EPSS Score
0.17%
Published
2014-05-21
Updated
2014-05-22
Directory traversal vulnerability in cgi-bin/help/doIt.cgi in VMTurbo Operations Manager before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) in the xml_path parameter.
Source: MITRE
Max CVSS
5.0
EPSS Score
18.46%
Published
2014-05-21
Updated
2018-10-09
The SpeechInput feature in Blink, as used in Google Chrome before 35.0.1916.114, allows remote attackers to enable microphone access and obtain speech-recognition text without indication via an INPUT element with a -x-webkit-speech attribute.
Source: MITRE
Max CVSS
4.3
EPSS Score
2.35%
Published
2014-05-21
Updated
2017-01-07
msdia.dll in Microsoft Debug Interface Access (DIA) SDK, as distributed in Microsoft Visual Studio before 2013, does not properly validate an unspecified variable before use in calculating a dynamic-call address, which allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted PDB file.
Source: MITRE
Max CVSS
6.8
EPSS Score
15.35%
Published
2014-05-20
Updated
2016-09-09
550 vulnerabilities found
1 2 3 4 5 6 ...... 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22
This web site uses cookies for managing your session, storing preferences, website analytics and additional purposes described in our privacy policy.
By using this web site you are agreeing to CVEdetails.com terms of use!