| CVE | Vendors | Products | Updated | CVSS v3.1 |
| An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. |
| The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. |
| The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. |
| Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) DICTIONARY, (2) FILTERIDENT, (3) FROMSCHEME, (4) FromPoint, or (5) FName_0 parameter and a valid sid parameter value. |
| The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. |
| The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. |
| The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list. |
| The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header. |
| The cforms2 plugin before 10.5 for WordPress has XSS. |
| The cforms2 plugin before 10.2 for WordPress has XSS. |
| The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection. |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal. |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication. |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure. |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. |
| The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. |
| The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. |
| The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion. |
| The memphis-documents-library plugin before 3.0 for WordPress has Remote File Inclusion. |
| The feature-comments plugin before 1.2.5 for WordPress has CSRF for featuring or burying a comment. |