258131
|
- |
|
mp3info
|
mp3info
|
Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this …
|
NVD-CWE-Other
|
CVE-2006-2465
|
2014-05-31 11:22 |
2006-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258132
|
- |
|
jasig
|
uportal
|
uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3417
|
2014-05-31 01:36 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258133
|
- |
|
jasig
|
uportal
|
uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-adm…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3416
|
2014-05-31 01:35 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258134
|
- |
|
sosreport_project
|
sosreport
|
SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive.
|
CWE-255
Credentials Management
|
CVE-2014-0246
|
2014-05-30 22:59 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258135
|
- |
|
google_authenticator_login_project
|
ga_login
|
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password …
|
CWE-287
Improper Authentication
|
CVE-2013-4178
|
2014-05-30 22:35 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258136
|
- |
|
google_authenticator_login_project
|
ga_login
|
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4177
|
2014-05-30 22:34 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258137
|
- |
|
mail_on_update_project
|
mail_on_update
|
Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change…
|
CWE-352
Origin Validation Error
|
CVE-2013-2107
|
2014-05-30 09:32 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258138
|
- |
|
robert_ancell canonical
|
lightdm ubuntu_linux
|
debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0943
|
2014-05-30 09:19 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258139
|
- |
|
apache
|
couchdb
|
Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.
|
CWE-94
Code Injection
|
CVE-2012-5649
|
2014-05-30 09:16 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258140
|
- |
|
krisonav
|
krisonav
|
Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2013-2712
|
2014-05-30 08:44 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|