|
258251
|
- |
|
invitation_project
|
invitation
|
The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified default views.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7063
|
2014-04-30 01:40 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258252
|
- |
|
cisco
|
unified_communications_manager
|
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.
|
CWE-20
Improper Input Validation
|
CVE-2014-2184
|
2014-04-30 01:08 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258253
|
- |
|
cisco
|
unified_communications_manager
|
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields …
|
CWE-200
Information Exposure
|
CVE-2014-2185
|
2014-04-30 01:08 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258254
|
- |
|
cisco
|
unified_contact_center_enterprise
unified_contact_center_express_editor_software
|
The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a …
|
CWE-20
Improper Input Validation
|
CVE-2014-2180
|
2014-04-30 00:42 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258255
|
- |
|
zarafa
|
zarafa
|
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (cra…
|
CWE-20
Improper Input Validation
|
CVE-2014-0079
|
2014-04-29 20:52 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258256
|
- |
|
zarafa
|
zarafa
|
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointe…
|
CWE-20
Improper Input Validation
|
CVE-2014-0037
|
2014-04-29 20:35 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258257
|
- |
|
dkorunic
|
pam_s\/key
|
A certain Gentoo patch for the PAM S/Key module does not properly clear credentials from memory, which allows local users to obtain sensitive information by reading system memory.
|
CWE-255
Credentials Management
|
CVE-2013-4285
|
2014-04-29 20:09 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258258
|
- |
|
zlib
|
pigz
|
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0296
|
2014-04-29 04:28 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258259
|
- |
|
litech
|
router_advertisement_daemon
|
The router advertisement daemon (radvd) before 1.8.2 does not properly handle errors in the privsep_init function, which causes the radvd daemon to run as root and has an unspecified impact.
|
CWE-20
Improper Input Validation
|
CVE-2011-3603
|
2014-04-29 04:12 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258260
|
- |
|
litech
|
router_advertisement_daemon
|
Per http://thread.gmane.org/gmane.comp.security.oss.general/5973/focus=6015, this vulnerablity is being assigned a CVSS base metric of AV:L/AC:M/Au:N/C:P/I:P/A:P = 4.4
|
CWE-20
Improper Input Validation
|
CVE-2011-3603
|
2014-04-29 04:12 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
