|
258241
|
- |
|
organic_groups_project
|
organic_groups
|
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7068
|
2014-04-30 02:52 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258242
|
- |
|
entity_reference_project
|
entityreference
|
The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7066
|
2014-04-30 02:45 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258243
|
- |
|
freelance-it-consultant
|
eu_cookie_compliance
|
Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance pop…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7064
|
2014-04-30 02:09 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258244
|
- |
|
invitation_project
|
invitation
|
The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified default views.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7063
|
2014-04-30 01:40 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258245
|
- |
|
cisco
|
unified_communications_manager
|
The IP Manager Assistant (IPMA) component in Cisco Unified Communications Manager (Unified CM) allows remote attackers to obtain sensitive information via a crafted URL, aka Bug ID CSCun74352.
|
CWE-20
Improper Input Validation
|
CVE-2014-2184
|
2014-04-30 01:08 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258246
|
- |
|
cisco
|
unified_communications_manager
|
The Call Detail Records (CDR) Management component in Cisco Unified Communications Manager (Unified CM) allows remote authenticated users to obtain sensitive information by reading extraneous fields …
|
CWE-200
Information Exposure
|
CVE-2014-2185
|
2014-04-30 01:08 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258247
|
- |
|
cisco
|
unified_contact_center_enterprise
unified_contact_center_express_editor_software
|
The Document Management component in Cisco Unified Contact Center Express does not properly validate a parameter, which allows remote authenticated users to upload files to arbitrary pathnames via a …
|
CWE-20
Improper Input Validation
|
CVE-2014-2180
|
2014-04-30 00:42 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258248
|
- |
|
zarafa
|
zarafa
|
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 7.1.8, 6.20.0, and earlier, when using certain build conditions, allows remote attackers to cause a denial of service (cra…
|
CWE-20
Improper Input Validation
|
CVE-2014-0079
|
2014-04-29 20:52 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258249
|
- |
|
zarafa
|
zarafa
|
The ValidateUserLogon function in provider/libserver/ECSession.cpp in Zarafa 5.00 before 7.1.8 beta2 allows remote attackers to cause a denial of service (crash) via vectors related to "a NULL pointe…
|
CWE-20
Improper Input Validation
|
CVE-2014-0037
|
2014-04-29 20:35 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258250
|
- |
|
dkorunic
|
pam_s\/key
|
A certain Gentoo patch for the PAM S/Key module does not properly clear credentials from memory, which allows local users to obtain sensitive information by reading system memory.
|
CWE-255
Credentials Management
|
CVE-2013-4285
|
2014-04-29 20:09 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
