|
257411
|
- |
|
cs-cart
|
cs-cart
|
Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) a…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7317
|
2014-02-25 11:14 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257412
|
- |
|
aphpkb
|
aphpkb
|
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7289
|
2014-02-25 11:01 |
2014-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257413
|
- |
|
google
|
chrome
|
Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2013-6642
|
2014-02-25 10:55 |
2014-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257414
|
- |
|
cru-inc
|
ditto_forensic_fieldstation_firmware
ditto_forensic_fieldstation
|
The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.
|
CWE-255
Credentials Management
|
CVE-2013-6884
|
2014-02-25 10:44 |
2014-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257415
|
- |
|
wordpress
|
wordpress
|
wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by vi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6635
|
2014-02-25 10:38 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257416
|
- |
|
wordpress
|
wordpress
|
wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6634
|
2014-02-25 10:37 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257417
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field.
|
CWE-79
Cross-site Scripting
|
CVE-2012-6633
|
2014-02-25 10:36 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257418
|
- |
|
aloaha
|
aloaha_pdf_suite_free
aloahapdfviewer
|
Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4978
|
2014-02-25 10:13 |
2014-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257419
|
- |
|
redhat
|
network_satellite
spacewalk
|
Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in th…
|
CWE-20
Improper Input Validation
|
CVE-2011-1594
|
2014-02-25 10:04 |
2014-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257420
|
- |
|
kde
|
kdelibs
|
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and pa…
|
CWE-200
Information Exposure
|
CVE-2013-2074
|
2014-02-25 09:26 |
2014-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
