|
257901
|
- |
|
wordpress
|
wordpress
|
wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by vi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6635
|
2014-02-25 10:38 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257902
|
- |
|
wordpress
|
wordpress
|
wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6634
|
2014-02-25 10:37 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257903
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field.
|
CWE-79
Cross-site Scripting
|
CVE-2012-6633
|
2014-02-25 10:36 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257904
|
- |
|
aloaha
|
aloaha_pdf_suite_free
aloahapdfviewer
|
Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4978
|
2014-02-25 10:13 |
2014-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257905
|
- |
|
redhat
|
network_satellite
spacewalk
|
Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in th…
|
CWE-20
Improper Input Validation
|
CVE-2011-1594
|
2014-02-25 10:04 |
2014-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257906
|
- |
|
kde
|
kdelibs
|
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and pa…
|
CWE-200
Information Exposure
|
CVE-2013-2074
|
2014-02-25 09:26 |
2014-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257907
|
- |
|
rapid7
|
nexpose
|
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete sc…
|
CWE-352
Origin Validation Error
|
CVE-2012-6493
|
2014-02-25 07:17 |
2014-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257908
|
- |
|
iconics
|
genesis32
|
An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document.
|
CWE-20
Improper Input Validation
|
CVE-2014-0758
|
2014-02-25 04:45 |
2014-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257909
|
- |
|
google
|
chrome
|
Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in th…
|
CWE-22
Path Traversal
|
CVE-2013-6652
|
2014-02-25 04:20 |
2014-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257910
|
- |
|
mitsubishielectric
|
mc-worx_suite
|
An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction…
|
CWE-94
Code Injection
|
CVE-2013-2817
|
2014-02-25 03:48 |
2014-02-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
