258861
|
- |
|
civicrm
|
civicrm
|
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to …
|
CWE-89
SQL Injection
|
CVE-2013-4662
|
2014-02-22 04:29 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258862
|
- |
|
springsignage
|
xibo
|
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a…
|
CWE-352
Origin Validation Error
|
CVE-2013-4889
|
2014-02-22 04:15 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258863
|
- |
|
springsignage
|
xibo
|
Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page.
|
CWE-79
Cross-site Scripting
|
CVE-2013-4888
|
2014-02-22 04:13 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258864
|
- |
|
op5
|
monitor
|
Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization.
|
NVD-CWE-noinfo
|
CVE-2013-6141
|
2014-02-22 04:07 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258865
|
- |
|
webhive
|
timeline
|
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file…
|
NVD-CWE-Other
|
CVE-2013-4898
|
2014-02-22 04:06 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258866
|
- |
|
webhive
|
timeline
|
Per: http://cwe.mitre.org/data/definitions/434.html
"CWE-434: Unrestricted Upload of File with Dangerous Type"
|
NVD-CWE-Other
|
CVE-2013-4898
|
2014-02-22 04:06 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258867
|
- |
|
adobe
|
acrobat_reader acrobat
|
Buffer overflow in Adobe Reader and Acrobat 9.x before 9.5.3, 10.x before 10.1.5, and 11.x before 11.0.1 allows attackers to execute arbitrary code via unspecified vectors, a different vulnerability …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-1376
|
2014-02-22 03:46 |
2014-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258868
|
- |
|
codeaurora qualcomm
|
android-msm quic_mobile_station_modem_kernel
|
Multiple stack-based buffer overflows in the MSM camera driver for the Linux kernel 3.x, as used in Qualcomm Innovation Center (QuIC) Android contributions for MSM devices and other products, allow a…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4738
|
2014-02-22 03:18 |
2014-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258869
|
- |
|
openbsd
|
openssh
|
ssh-keysign.c in ssh-keysign in OpenSSH before 5.8p2 on certain platforms executes ssh-rand-helper with unintended open file descriptors, which allows local users to obtain sensitive key information …
|
CWE-200
Information Exposure
|
CVE-2011-4327
|
2014-02-22 03:12 |
2014-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258870
|
- |
|
elgg
|
elgg
|
Cross-site scripting (XSS) vulnerability in the Twitter widget in Elgg before 1.7.17 and 1.8.x before 1.8.13 allows remote attackers to inject arbitrary web script or HTML via the params[twitter_user…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0234
|
2014-02-22 03:08 |
2014-02-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|