260011
|
- |
|
fast_permissions_administration_project
|
fast_permission_administration
|
The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2247
|
2013-10-8 02:45 |
2013-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260012
|
- |
|
asus
|
rt-n10e_firmware rt-n10e
|
qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request.
|
CWE-287
Improper Authentication
|
CVE-2013-3610
|
2013-10-8 01:35 |
2013-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260013
|
- |
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulner…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2398
|
2013-10-8 01:29 |
2012-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260014
|
- |
|
wordpress
|
wassup_plugin
|
Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp plugin before 1.8.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
|
CWE-79
Cross-site Scripting
|
CVE-2012-2633
|
2013-10-8 01:29 |
2012-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260015
|
- |
|
rubygems
|
mail_gem
|
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the…
|
CWE-22
Path Traversal
|
CVE-2012-2139
|
2013-10-8 01:18 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260016
|
- |
|
axis
|
media_control_activex_control
|
The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) Sta…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3543
|
2013-10-8 01:17 |
2013-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260017
|
- |
|
bluecoat
|
proxysg_va-10 proxysg_va-15 proxysg_va-20 proxysg_va-5 proxysg proxysg_sg210-10 proxysg_sg210-25 proxysg_sg210-5 proxysg_sg510-10 proxysg_sg510-20 proxysg_sg510-25 pr…
|
Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, …
|
CWE-16
Configuration
|
CVE-2009-1211
|
2013-10-8 01:17 |
2009-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260018
|
- |
|
ovislink
|
airlive_wl2600cam
|
Directory traversal vulnerability in cgi-bin/admin/fileread in AirLive WL2600CAM and possibly other camera models allows remote attackers to read arbitrary files via a .. (dot dot) in the READ.filePa…
|
CWE-22
Path Traversal
|
CVE-2013-3541
|
2013-10-8 00:38 |
2013-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260019
|
- |
|
brickom
|
100ap_device_firmware fb-100ap md-100ap ob-100ae osd-040e wcb-100ap wfb-100ap
|
Brickcom FB-100Ap, WCB-100Ap, MD-100Ap, WFB-100Ap, OB-100Ae, OSD-040E, and possibly other camera models with firmware 3.0.6.16C1 and earlier, do not properly restrict access to configfile.dump, which…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3689
|
2013-10-8 00:38 |
2013-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260020
|
- |
|
watchguard
|
server_center
|
Multiple untrusted search path vulnerabilities in (1) Watchguard Log Collector (wlcollector.exe) and (2) Watchguard WebBlocker Server (wbserver.exe) in WatchGuard Server Center 11.7.4, 11.7.3, and po…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5701
|
2013-10-8 00:30 |
2013-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|