|
259661
|
- |
|
hexagon
|
erdas_er_viewer
|
Stack-based buffer overflow in ermapper_u.dll in Intergraph ERDAS ER Viewer before 13.0.1.1301 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-3483
|
2014-01-22 06:12 |
2014-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259662
|
- |
|
libimobiledevice
|
libimobiledevice
|
userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.…
|
CWE-59
Link Following
|
CVE-2013-2142
|
2014-01-22 05:54 |
2014-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259663
|
- |
|
wordpress
|
wordpress
|
wp-admin/press-this.php in WordPress before 3.0.6 does not enforce the publish_posts capability requirement, which allows remote authenticated users to perform publish actions by leveraging the Contr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-5270
|
2014-01-22 02:31 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259664
|
- |
|
wordpress
|
wordpress
|
WordPress before 3.0.1, when a Multisite installation is used, permanently retains the "site administrators can add users" option once changed, which might allow remote authenticated administrators t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5297
|
2014-01-22 02:28 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259665
|
- |
|
wordpress
|
wordpress
|
wp-includes/capabilities.php in WordPress before 3.0.2, when a Multisite configuration is used, does not require the Super Admin role for the delete_users capability, which allows remote authenticate…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5296
|
2014-01-22 02:20 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259666
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in wp-admin/plugins.php in WordPress before 3.0.2 might allow remote attackers to inject arbitrary web script or HTML via a plugin's author field, which is no…
|
CWE-79
Cross-site Scripting
|
CVE-2010-5295
|
2014-01-22 02:19 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259667
|
- |
|
wordpress
|
wordpress
|
Multiple cross-site scripting (XSS) vulnerabilities in the request_filesystem_credentials function in wp-admin/includes/file.php in WordPress before 3.0.2 allow remote servers to inject arbitrary web…
|
CWE-79
Cross-site Scripting
|
CVE-2010-5294
|
2014-01-22 02:18 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259668
|
- |
|
wordpress
|
wordpress
|
wp-includes/comment.php in WordPress before 3.0.2 does not properly whitelist trackbacks and pingbacks in the blogroll, which allows remote attackers to bypass intended spam restrictions via a crafte…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5293
|
2014-01-22 02:16 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259669
|
- |
|
sonatype
|
nexus
|
Sonatype Nexus 1.x and 2.x before 2.7.1 allows remote attackers to create arbitrary objects and execute arbitrary code via unspecified vectors related to unmarshalling of unintended Object types.
|
CWE-94
Code Injection
|
CVE-2014-0792
|
2014-01-21 23:14 |
2014-01-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259670
|
- |
|
rick_mead
|
media_library_categories
|
Multiple cross-site scripting (XSS) vulnerabilities in the Media Library Categories plugin 1.1.1 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) bulk parameter…
|
CWE-79
Cross-site Scripting
|
CVE-2012-6630
|
2014-01-18 04:16 |
2014-01-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
