|
257451
|
- |
|
drupal
|
drupal
|
The OpenID module in Drupal 6.x before 6.30 and 7.x before 7.26 allows remote OpenID users to authenticate as other users via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2014-1475
|
2014-02-21 14:06 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257452
|
- |
|
drupal
|
drupal
|
The Taxonomy module in Drupal 7.x before 7.26, when upgraded from an earlier version of Drupal, does not properly restrict access to unpublished content, which allows remote authenticated users to ob…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1476
|
2014-02-21 14:06 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257453
|
- |
|
doug_poulin
|
command_school_student_management_system
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Command School Student Management System 1.06.01 allow remote attackers to hijack the authentication of (1) administrators for requests t…
|
CWE-352
Origin Validation Error
|
CVE-2014-1915
|
2014-02-21 14:06 |
2014-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257454
|
- |
|
visibility_software
|
cyber_recruiter
|
Visibility Software Cyber Recruiter before 8.1.00 does not use the appropriate combination of HTTPS transport and response headers to prevent access to (1) AppSelfService.aspx and (2) AgencyPortal.as…
|
CWE-200
Information Exposure
|
CVE-2014-1930
|
2014-02-21 14:06 |
2014-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257455
|
- |
|
visibility_software
|
cyber_recruiter
|
The user login page in Visibility Software Cyber Recruiter before 8.1.00 generates different responses for invalid password-retrieval attempts depending on which data elements are incorrect, which mi…
|
CWE-200
Information Exposure
|
CVE-2014-1931
|
2014-02-21 14:06 |
2014-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257456
|
- |
|
d-link
|
dap_2253_firmware
dap_2253
|
Cross-site request forgery (CSRF) vulnerability in D-Link DAP-2253 Access Point (Rev. A1) with firmware before 1.30 allows remote attackers to hijack the authentication of administrators for requests…
|
CWE-352
Origin Validation Error
|
CVE-2013-7320
|
2014-02-21 14:06 |
2014-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257457
|
- |
|
gnu
|
libmicrohttpd
|
The MHD_http_unescape function in libmicrohttpd before 0.9.32 might allow remote attackers to obtain sensitive information or cause a denial of service (crash) via unspecified vectors that trigger an…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-7038
|
2014-02-21 14:05 |
2013-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257458
|
- |
|
gnu
|
libmicrohttpd
|
Stack-based buffer overflow in the MHD_digest_auth_check function in libmicrohttpd before 0.9.32, when MHD_OPTION_CONNECTION_MEMORY_LIMIT is set to a large value, allows remote attackers to cause a d…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-7039
|
2014-02-21 14:05 |
2013-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257459
|
- |
|
detlef_pilzecker
|
proc\
|
The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7135
|
2014-02-21 14:05 |
2014-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257460
|
- |
|
maxxmarketing
|
joomshopping
|
Cross-site scripting (XSS) vulnerability in the JoomShopping (com_joomshopping) component before 4.3.1 for Joomla! allows remote attackers to inject arbitrary web script or HTML via the user_name par…
|
CWE-79
Cross-site Scripting
|
CVE-2013-3933
|
2014-02-21 14:01 |
2014-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
