CVE-2013-7380

The Etherpad Lite ep_imageconvert Plugin has a Remote Command Injection Vulnerability

Source: CVE-2013-7380

CVE-2014-5093

Status2k does not remove the install directory allowing credential reset.

Source: CVE-2014-5093

CVE-2013-6231

SpagoBI before 4.1 has Privilege Escalation via an error in the AdapterHTTP script

Source: CVE-2013-6231

CVE-2014-4561

The ultimate-weather plugin 1.0 for WordPress has XSS

Source: CVE-2014-4561

CVE-2013-6430

The JavaScriptUtils.javaScriptEscape method in web/util/JavaScriptUtils.java in Spring MVC in Spring Framework before 3.2.2 does not properly escape certain characters, which allows remote attackers to conduct cross-site scripting (XSS) attacks via a (1) line separator or (2) paragraph separator Unicode character or (3) left or (4) right angle bracket.

Source: CVE-2013-6430

CVE-2014-5092

Status2k allows Remote Command Execution in admin/options/editpl.php.

Source: CVE-2014-5092

CVE-2011-4595

Pretty-Link WordPress plugin 1.5.2 has XSS

Source: CVE-2011-4595

CVE-2014-5081

sphider prior to 1.3.6, sphider-pro prior to 3.2, and sphider-plus prior to 3.2 allow authentication bypass

Source: CVE-2014-5081

CVE-2014-4530

flog plugin 0.1 for WordPress has XSS

Source: CVE-2014-4530

CVE-2014-4982

LPAR2RRD ? 4.53 and ? 3.5 has arbitrary command injection on the application server.

Source: CVE-2014-4982