257951
|
- |
|
owncloud
|
owncloud
|
lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV.
|
CWE-20
Improper Input Validation
|
CVE-2012-5336
|
2014-06-5 02:28 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257952
|
- |
|
owncloud
|
owncloud
|
CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter.
|
NVD-CWE-Other
|
CVE-2012-5057
|
2014-06-5 02:19 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257953
|
- |
|
owncloud
|
owncloud
|
Per: http://cwe.mitre.org/data/definitions/93.html
"CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')"
|
NVD-CWE-Other
|
CVE-2012-5057
|
2014-06-5 02:19 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257954
|
- |
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odf…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5056
|
2014-06-5 02:15 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257955
|
- |
|
typo3
|
typo3
|
The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary …
|
CWE-200
Information Exposure
|
CVE-2014-3946
|
2014-06-5 00:26 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257956
|
- |
|
typo3
|
typo3
|
The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remot…
|
CWE-287
Improper Authentication
|
CVE-2014-3945
|
2014-06-5 00:24 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257957
|
- |
|
typo3
|
typo3
|
The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2014-3944
|
2014-06-5 00:15 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257958
|
- |
|
trianglemicroworks
|
scada_data_gateway
|
Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line.
|
CWE-20
Improper Input Validation
|
CVE-2014-2343
|
2014-06-4 23:00 |
2014-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257959
|
- |
|
alfresco
|
alfresco
|
Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2939
|
2014-06-4 00:30 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257960
|
- |
|
ajaydsouza
|
contextual_related_posts
|
SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2014-3937
|
2014-06-4 00:09 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|