258511
|
- |
|
emc
|
rsa_adaptive_authentication_on-premise
|
Cross-site scripting (XSS) vulnerability in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote attackers to inject arbitrary web script or HTML via vectors involving…
|
CWE-79
Cross-site Scripting
|
CVE-2014-0638
|
2014-04-5 01:37 |
2014-04-5 |
|
|
258512
|
- |
|
emc
|
rsa_adaptive_authentication_on-premise
|
Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to …
|
CWE-79
Cross-site Scripting
|
CVE-2014-0637
|
2014-04-5 01:34 |
2014-04-5 |
|
|
258513
|
- |
|
crowbar novell
|
barclamp suse_cloud
|
Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass secur…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0592
|
2014-04-5 01:20 |
2014-04-4 |
|
|
258514
|
- |
|
roberta_bramski
|
uploader
|
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or …
|
CWE-79
Cross-site Scripting
|
CVE-2013-2287
|
2014-04-5 01:01 |
2014-04-4 |
|
|
258515
|
- |
|
koushik_dutta google
|
superuser android
|
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6770
|
2014-04-4 02:09 |
2014-03-31 |
|
|
258516
|
- |
|
b2evolution
|
b2evolution
|
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL inj…
|
CWE-352
Origin Validation Error
|
CVE-2013-7352
|
2014-04-4 00:36 |
2014-04-3 |
|
|
258517
|
- |
|
dotcms
|
dotcms
|
Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/logi…
|
CWE-79
Cross-site Scripting
|
CVE-2013-3484
|
2014-04-4 00:13 |
2014-04-3 |
|
|
258518
|
- |
|
apple
|
safari
|
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read …
|
CWE-20
Improper Input Validation
|
CVE-2014-1297
|
2014-04-3 02:07 |
2014-04-3 |
|
|
258519
|
- |
|
cisco
|
security_manager
|
CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL,…
|
CWE-20
Improper Input Validation
|
CVE-2014-2138
|
2014-04-3 01:56 |
2014-04-2 |
|
|
258520
|
- |
|
cisco
|
web_security_virtual_appliance web_security_appliance
|
CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a …
|
CWE-20
Improper Input Validation
|
CVE-2014-2137
|
2014-04-3 01:28 |
2014-04-2 |
|
|