|
257801
|
- |
|
ajenti
|
ajenti
|
Cross-site scripting (XSS) vulnerability in plugins/main/content/js/ajenti.coffee in Eugene Pankov Ajenti 1.2.13 allows remote authenticated users to inject arbitrary web script or HTML via the comma…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2260
|
2014-05-2 00:42 |
2014-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257802
|
- |
|
php-fusion
|
php-fusion
|
PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information v…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1807
|
2014-05-2 00:35 |
2014-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257803
|
- |
|
php-fusion
|
php-fusion
|
Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to…
|
CWE-22
Path Traversal
|
CVE-2013-1806
|
2014-05-2 00:27 |
2014-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257804
|
- |
|
bluecoat
|
content_analysis_system_software
content_analysis_system
|
The commandline interface in Blue Coat Content Analysis System (CAS) 1.1 before 1.1.4.2 allows remote administrators to execute arbitrary commands via unspecified vectors, related to "command injecti…
|
CWE-78
OS Command
|
CVE-2014-2565
|
2014-05-1 22:49 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257805
|
- |
|
gnu
|
a2ps
|
The tempname_ensure function in lib/routines.h in a2ps 4.14 and earlier, as used by the spy_user function and possibly other functions, allows local users to modify arbitrary files via a symlink atta…
|
CWE-59
Link Following
|
CVE-2001-1593
|
2014-05-1 10:20 |
2014-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257806
|
- |
|
apache
google
|
harmony
android
|
The engineNextBytes function in classlib/modules/security/src/main/java/common/org/apache/harmony/security/provider/crypto/SHA1PRNG_SecureRandomImpl.java in the SecureRandom implementation in Apache …
|
CWE-310
Cryptographic Issues
|
CVE-2013-7372
|
2014-04-30 23:23 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257807
|
- |
|
ubercart
|
ubercart
|
Session fixation vulnerability in the Ubercart module 6.x-2.x before 6.x-2.13 and 7.x-3.x before 7.x-3.6 for Drupal, when the "Log in new customers after checkout" option is enabled, allows remote at…
|
CWE-287
Improper Authentication
|
CVE-2013-7302
|
2014-04-30 23:04 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257808
|
- |
|
malcolm_nooning
|
pirpc
|
The PlRPC module, possibly 0.2020 and earlier, for Perl uses the Storable module, which allows remote attackers to execute arbitrary code via a crafted request, which is not properly handled when it …
|
CWE-94
Code Injection
|
CVE-2013-7284
|
2014-04-30 22:56 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257809
|
- |
|
gnome
|
gnome_display_manager
|
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a …
|
NVD-CWE-noinfo
|
CVE-2013-7273
|
2014-04-30 22:32 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257810
|
- |
|
google
|
android
|
Android before 4.4 does not properly arrange for seeding of the OpenSSL PRNG, which makes it easier for attackers to defeat cryptographic protection mechanisms by leveraging use of the PRNG within mu…
|
CWE-200
Information Exposure
|
CVE-2013-7373
|
2014-04-30 21:57 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
