Vulnerabilities

DATE CVE VULNERABILITY TITLE RISK

2014-12-02 CVE-2014-9183 Credentials Management vulnerability in ZTE Zxdsl 831Cii
ZTE ZXDSL 831CII has a default password of admin for the admin account, which allows remote attackers to gain administrator privileges.
network, low complexity, zte CWE-255, critical, 10.0

2014-12-02 CVE-2014-9182 Cross-Site Scripting vulnerability in Anchorcms Anchor CMS 0.9.1
models/comment.php in Anchor CMS 0.9.2 and earlier allows remote attackers to inject arbitrary headers into mail messages via a crafted Host: header.
network, anchorcms CWE-79, 4.3

2014-12-02 CVE-2014-9181 Path Traversal vulnerability in Plex Media Server 0.9.9.2
Multiple directory traversal vulnerabilities in Plex Media Server before 0.9.9.3 allow remote attackers to read arbitrary files via a ..
network, low complexity, plex CWE-22, 5.0

2014-12-02 CVE-2014-9180 Unspecified vulnerability in Eleanor-Cms Eleanor CMS
Open redirect vulnerability in go.php in Eleanor CMS allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the QUERY_STRING.
network, low complexity, eleanor-cms, 5.0

2014-12-02 CVE-2014-9179 Cross-Site Scripting vulnerability in Supportezzy Ticket System Project Supportezzy Ticket System 1.2.5
Cross-site scripting (XSS) vulnerability in the SupportEzzy Ticket System plugin 1.2.5 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the "URL (optional)" field in a new ticket.
network, low complexity, supportezzy-ticket-system-project CWE-79, 4.0

2014-12-02 CVE-2014-9178 SQL Injection vulnerability in Smartypantsplugins SP Project & Document Manager 2.4.1
Multiple SQL injection vulnerabilities in classes/ajax.php in the Smarty Pants Plugins SP Project & Document Manager plugin (sp-client-document-manager) 2.4.1 and earlier for WordPress allow remote attackers to execute arbitrary SQL commands via the (1) vendor_email[] parameter in the email_vendor function or id parameter in the (2) download_project, (3) download_archive, or (4) remove_cat function.
network, low complexity, smartypantsplugins CWE-89, 7.5

2014-12-02 CVE-2014-9177 Information Exposure vulnerability in Svnlabs Html5 MP3 Player With Playlist Free 2.6
The HTML5 MP3 Player with Playlist Free plugin before 2.7 for WordPress allows remote attackers to obtain the installation path via a request to html5plus/playlist.php.
network, low complexity, svnlabs CWE-200, 5.0

2014-12-02 CVE-2014-9176 Cross-Site Scripting vulnerability in Instasqueeze Sexy Squeeze Pages
Cross-site scripting (XSS) vulnerability in the InstaSqueeze Sexy Squeeze Pages plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter to lp/index.php.
4.3

2014-12-02 CVE-2014-9175 SQL Injection vulnerability in Wpdatatables 1.5.3
SQL injection vulnerability in wpdatatables.php in the wpDataTables plugin 1.5.3 and earlier for WordPress allows remote attackers to execute arbitrary SQL commands via the table_id parameter in a get_wdtable action to wp-admin/admin-ajax.php.
network, low complexity, wpdatatables CWE-89, 7.5

2014-12-02 CVE-2014-9174 Cross-Site Scripting vulnerability in Yoast Google Analytics 5.1/5.1.1
Cross-site scripting (XSS) vulnerability in the Google Analytics by Yoast (google-analytics-for-wordpress) plugin before 5.1.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Manually enter your UA code" (manual_ua_code_field) field in the General Settings.
network, yoast CWE-79, 4.3