|
258781
|
- |
|
ilias
|
ilias
|
Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title para…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2090
|
2014-03-4 05:58 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258782
|
- |
|
synology
|
diskstation_manager
|
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.
|
CWE-255
CWE-200
Credentials Management
Information Exposure
|
CVE-2014-2264
|
2014-03-4 05:47 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258783
|
- |
|
apache
adobe
|
cordova
phonegap
|
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanis…
|
CWE-20
Improper Input Validation
|
CVE-2012-6637
|
2014-03-4 05:42 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258784
|
- |
|
apache
adobe
|
cordova
phonegap
|
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1881
|
2014-03-4 05:39 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258785
|
- |
|
apache
adobe
|
cordova
phonegap
|
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-reso…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1884
|
2014-03-4 05:37 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258786
|
- |
|
adobe
|
phonegap
|
Adobe PhoneGap before 2.6.0 on Android uses the shouldOverrideUrlLoading callback instead of the proper shouldInterceptRequest callback, which allows remote attackers to bypass intended device-resour…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1883
|
2014-03-4 05:32 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258787
|
- |
|
adobe
apache
|
phonegap
cordova
|
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1882
|
2014-03-4 05:26 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258788
|
- |
|
alstom
|
e-terracontrol
|
The DNP Master Driver in Alstom e-terracontrol 3.5, 3.6, and 3.7 allows physically proximate attackers to cause a denial of service (infinite loop and DNP3 service disruption) via crafted input over …
|
CWE-20
Improper Input Validation
|
CVE-2013-2818
|
2014-03-4 02:46 |
2013-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258789
|
- |
|
vmware
|
esxi
workstation
esx
player
fusion
|
lgtosync.sys in VMware Workstation 9.x before 9.0.3, VMware Player 5.x before 5.0.3, VMware Fusion 5.x before 5.0.4, VMware ESXi 4.0 through 5.1, and VMware ESX 4.0 and 4.1, when a 32-bit Windows gue…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3519
|
2014-03-4 02:45 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258790
|
- |
|
ilias
|
ilias
|
ILIAS 4.4.1 allows remote attackers to execute arbitrary PHP code via an e-mail attachment that leads to creation of a .php file with a certain client_id pathname.
|
CWE-94
Code Injection
|
CVE-2014-2089
|
2014-03-4 02:25 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
