| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| A vulnerability was found in valtech IDP Test Client and classified as problematic. Affected by this issue is some unknown functionality of the file python-flask/main.py. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The name of the patch is f1e7b3d431c8681ec46445557125890c14fa295f. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217148. |
| An issue was discovered in the DBI module through 1.643 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute in the data source name (DSN). NOTE: this issue exists because of an incomplete fix for CVE-2014-10401. |
| An issue was discovered in the DBI module before 1.632 for Perl. DBD::File drivers can open files from folders other than those specifically passed via the f_dir attribute. |
| The session.lua library in CGILua 5.0.x uses sequential session IDs, which makes it easier for remote attackers to predict the session ID and hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. |
| The session.lua library in CGILua 5.1.x uses the same ID for each session, which allows remote attackers to hijack arbitrary sessions. NOTE: this vulnerability was SPLIT from CVE-2014-2875. |
| Multiple cross-site scripting (XSS) vulnerabilities in bsi.dll in Bank Soft Systems (BSS) RBS BS-Client. Private Client (aka RBS BS-Client. Retail Client) 2.5, 2.4, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) DICTIONARY, (2) FILTERIDENT, (3) FROMSCHEME, (4) FromPoint, or (5) FName_0 parameter and a valid sid parameter value. |
| The Antioch theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to lib/scripts/download.php. |
| The epic theme through 2014-09-07 for WordPress allows arbitrary file downloads via the file parameter to includes/download.php. |
| The cp-polls plugin before 1.0.1 for WordPress has XSS in the votes list. |
| The rich-counter plugin before 1.2.0 for WordPress has JavaScript injection via a User-Agent header. |
| The cforms2 plugin before 10.5 for WordPress has XSS. |
| The cforms2 plugin before 10.2 for WordPress has XSS. |
| The wp-support-plus-responsive-ticket-system plugin before 4.1 for WordPress has JavaScript injection. |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has directory traversal. |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has incorrect authentication. |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has full path disclosure. |
| The wp-support-plus-responsive-ticket-system plugin before 4.2 for WordPress has SQL injection. |
| The wp-live-chat-support plugin before 4.1.0 for WordPress has JavaScript injections. |
| The memphis-documents-library plugin before 3.0 for WordPress has XSS via $_REQUEST. |
| The memphis-documents-library plugin before 3.0 for WordPress has Local File Inclusion. |
