|
260001
|
- |
|
node_access_user_reference_project
|
nodeaccess_userreference_module
|
The Node access user reference module 6.x-3.x before 6.x-3.5 and 7.x-3.x before 7.x-3.10 for Drupal does not properly restrict access to content containing a user reference field when the author upda…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2123
|
2013-10-8 02:48 |
2013-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260002
|
- |
|
crunchify
|
all-in-on-webmaster
|
Cross-site request forgery (CSRF) vulnerability in the All in One Webmaster plugin before 8.2.4 for WordPress allows remote attackers to hijack the authentication of arbitrary users for requests that…
|
CWE-352
Origin Validation Error
|
CVE-2013-2696
|
2013-10-8 02:48 |
2013-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260003
|
- |
|
login_security_project
|
login_security
|
The Login Security module 6.x-1.x before 6.x-1.3 and 7.x-1.x before 7.x-1.3 for Drupal, when using the login delay option, allows remote attackers to cause a denial of service (CPU consumption) via a…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-2197
|
2013-10-8 02:46 |
2013-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260004
|
- |
|
fast_permissions_administration_project
|
fast_permission_administration
|
The Fast Permissions Administration module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.3 for Drupal does not properly restrict access to the modal content callback, which allows remote attackers …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2247
|
2013-10-8 02:45 |
2013-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260005
|
- |
|
asus
|
rt-n10e_firmware
rt-n10e
|
qis/QIS_finish.htm on the ASUS RT-N10E router with firmware before 2.0.0.25 does not require authentication, which allows remote attackers to discover the administrator password via a direct request.
|
CWE-287
Improper Authentication
|
CVE-2013-3610
|
2013-10-8 01:35 |
2013-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260006
|
- |
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulner…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2398
|
2013-10-8 01:29 |
2012-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260007
|
- |
|
wordpress
|
wassup_plugin
|
Cross-site scripting (XSS) vulnerability in wassup.php in the WassUp plugin before 1.8.3.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the User-Agent HTTP header.
|
CWE-79
Cross-site Scripting
|
CVE-2012-2633
|
2013-10-8 01:29 |
2012-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260008
|
- |
|
rubygems
|
mail_gem
|
Directory traversal vulnerability in lib/mail/network/delivery_methods/file_delivery.rb in the Mail gem before 2.4.4 for Ruby allows remote attackers to read arbitrary files via a .. (dot dot) in the…
|
CWE-22
Path Traversal
|
CVE-2012-2139
|
2013-10-8 01:18 |
2012-07-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260009
|
- |
|
axis
|
media_control_activex_control
|
The AXIS Media Control (AMC) ActiveX control (AxisMediaControlEmb.dll) 6.2.10.11 for AXIS network cameras allows remote attackers to create or overwrite arbitrary files via a file path to the (1) Sta…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3543
|
2013-10-8 01:17 |
2013-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260010
|
- |
|
bluecoat
|
proxysg_va-10
proxysg_va-15
proxysg_va-20
proxysg_va-5
proxysg
proxysg_sg210-10
proxysg_sg210-25
proxysg_sg210-5
proxysg_sg510-10
proxysg_sg510-20
proxysg_sg510-25
pr…
|
Blue Coat ProxySG, when transparent interception mode is enabled, uses the HTTP Host header to determine the remote endpoint, which allows remote attackers to bypass access controls for Flash, Java, …
|
CWE-16
Configuration
|
CVE-2009-1211
|
2013-10-8 01:17 |
2009-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
