257981
|
- |
|
phpnuke
|
php-nuke submit_news_module
|
SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php.
|
CWE-89
SQL Injection
|
CVE-2014-3934
|
2014-06-3 20:03 |
2014-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257982
|
- |
|
cososys
|
endpoint_protector
|
SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands vi…
|
CWE-89
SQL Injection
|
CVE-2014-3932
|
2014-06-3 19:49 |
2014-06-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257983
|
- |
|
debian
|
xbuffy
|
Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subje…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0469
|
2014-05-31 13:30 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257984
|
- |
|
typo3
|
typo3
|
The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors t…
|
CWE-20
Improper Input Validation
|
CVE-2013-4250
|
2014-05-31 13:25 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257985
|
- |
|
canonical
|
ltsp_display_manager ubuntu_linux
|
The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window.
|
CWE-78
OS Command
|
CVE-2012-1166
|
2014-05-31 13:09 |
2014-05-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257986
|
- |
|
mp3info
|
mp3info
|
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this …
|
NVD-CWE-Other
|
CVE-2006-2465
|
2014-05-31 11:22 |
2006-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257987
|
- |
|
jasig
|
uportal
|
uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3417
|
2014-05-31 01:36 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257988
|
- |
|
jasig
|
uportal
|
uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-adm…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3416
|
2014-05-31 01:35 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257989
|
- |
|
sosreport_project
|
sosreport
|
SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive.
|
CWE-255
Credentials Management
|
CVE-2014-0246
|
2014-05-30 22:59 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257990
|
- |
|
google_authenticator_login_project
|
ga_login
|
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password …
|
CWE-287
Improper Authentication
|
CVE-2013-4178
|
2014-05-30 22:35 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|