|
258771
|
- |
|
satechi
|
smart_travel_router
|
The web interface on the Satechi travel router 1.5, when Wi-Fi is used for WAN access, exposes the console without authentication on the WAN IP address regardless of the "Web Management via WAN" sett…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6918
|
2014-03-6 02:46 |
2013-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258772
|
- |
|
apple
|
mac_os_x
|
A certain Apple patch for OpenSSL in Apple OS X 10.9.2 and earlier uses a Trust Evaluation Agent (TEA) feature without terminating certain TLS/SSL handshakes as specified in the SSL_CTX_set_verify ca…
|
CWE-20
Improper Input Validation
|
CVE-2014-2234
|
2014-03-6 02:44 |
2014-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258773
|
- |
|
novell
|
suse_manager
|
Cross-site scripting (XSS) vulnerability in the Spacewalk service in SUSE Manager 1.2 for SUSE Linux Enterprise (SLE) 11 SP1 allows remote attackers to inject arbitrary web script or HTML via an imag…
|
CWE-79
Cross-site Scripting
|
CVE-2012-0414
|
2014-03-5 03:56 |
2013-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258774
|
- |
|
novell
|
suse_cloud
|
The server in Crowbar, as used in SUSE Cloud 1.0, uses weak permissions for the production.log file, which has unspecified impact and attack vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0434
|
2014-03-5 03:56 |
2013-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258775
|
- |
|
cisco
|
secure_access_control_system
|
The RBAC implementation in Cisco Secure Access Control System (ACS) does not properly verify privileges for support-bundle downloads, which allows remote authenticated users to obtain sensitive infor…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6695
|
2014-03-5 03:54 |
2013-12-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258776
|
- |
|
freebsd
|
freebsd
|
The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from k…
|
CWE-20
Improper Input Validation
|
CVE-2013-6834
|
2014-03-5 03:52 |
2013-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258777
|
- |
|
mybb
|
mybb
|
Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search actio…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1840
|
2014-03-5 02:36 |
2014-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258778
|
- |
|
avtech
|
avn801_dvr_firmware
avn801_dvr
|
Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4981
|
2014-03-5 01:51 |
2014-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258779
|
- |
|
avtech
|
avn801_dvr_firmware
avn801_dvr
|
Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4980
|
2014-03-5 01:50 |
2014-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258780
|
- |
|
commentluv
|
commentluv
|
Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1409
|
2014-03-5 01:11 |
2014-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
