257991
|
- |
|
google_authenticator_login_project
|
ga_login
|
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4177
|
2014-05-30 22:34 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257992
|
- |
|
mail_on_update_project
|
mail_on_update
|
Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change…
|
CWE-352
Origin Validation Error
|
CVE-2013-2107
|
2014-05-30 09:32 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257993
|
- |
|
robert_ancell canonical
|
lightdm ubuntu_linux
|
debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0943
|
2014-05-30 09:19 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257994
|
- |
|
apache
|
couchdb
|
Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.
|
CWE-94
Code Injection
|
CVE-2012-5649
|
2014-05-30 09:16 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257995
|
- |
|
krisonav
|
krisonav
|
Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2013-2712
|
2014-05-30 08:44 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257996
|
- |
|
krisonav
|
krisonav
|
Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user a…
|
CWE-352
Origin Validation Error
|
CVE-2013-2713
|
2014-05-30 08:44 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257997
|
- |
|
usercake
|
usercake
|
Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that c…
|
CWE-352
Origin Validation Error
|
CVE-2014-3866
|
2014-05-30 08:22 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257998
|
- |
|
izarc
|
izarc
|
IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote…
|
CWE-94
Code Injection
|
CVE-2014-2720
|
2014-05-30 08:21 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257999
|
- |
|
glpi-project
|
glpi
|
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
|
NVD-CWE-Other
|
CVE-2013-2225
|
2014-05-29 02:07 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258000
|
- |
|
glpi-project
|
glpi
|
Per: http://cwe.mitre.org/data/definitions/502.html
"CWE-502: Deserialization of Untrusted Data"
|
NVD-CWE-Other
|
CVE-2013-2225
|
2014-05-29 02:07 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|