258811
|
- |
|
freebsd
|
freebsd
|
The ql_eioctl function in sys/dev/qlxgbe/ql_ioctl.c in the kernel in FreeBSD 10 and earlier does not validate a certain size parameter, which allows local users to obtain sensitive information from k…
|
CWE-20
Improper Input Validation
|
CVE-2013-6834
|
2014-03-5 03:52 |
2013-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258812
|
- |
|
mybb
|
mybb
|
Cross-site scripting (XSS) vulnerability in Upload/search.php in MyBB 1.6.12 and earlier allows remote attackers to inject arbitrary web script or HTML via the keywords parameter in a do_search actio…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1840
|
2014-03-5 02:36 |
2014-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258813
|
- |
|
avtech
|
avn801_dvr_firmware avn801_dvr
|
Buffer overflow in cgi-bin/user/Config.cgi in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4981
|
2014-03-5 01:51 |
2014-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258814
|
- |
|
avtech
|
avn801_dvr_firmware avn801_dvr
|
Buffer overflow in the RTSP Packet Handler in AVTECH AVN801 DVR with firmware 1017-1003-1009-1003 and earlier, and possibly other devices, allows remote attackers to cause a denial of service (device…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4980
|
2014-03-5 01:50 |
2014-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258815
|
- |
|
commentluv
|
commentluv
|
Cross-site scripting (XSS) vulnerability in the CommentLuv plugin before 2.92.4 for WordPress allows remote attackers to inject arbitrary web script or HTML via the _ajax_nonce parameter to wp-admin/…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1409
|
2014-03-5 01:11 |
2014-03-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258816
|
- |
|
ilias
|
ilias
|
Multiple cross-site scripting (XSS) vulnerabilities in ilias.php in ILIAS 4.4.1 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tar, (2) tar_val, or (3) title para…
|
CWE-79
Cross-site Scripting
|
CVE-2014-2090
|
2014-03-4 05:58 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258817
|
- |
|
synology
|
diskstation_manager
|
The OpenVPN module in Synology DiskStation Manager (DSM) 4.3-3810 update 1 has a hardcoded root password of synopass, which makes it easier for remote attackers to obtain access via a VPN session.
|
CWE-255 CWE-200
Credentials Management Information Exposure
|
CVE-2014-2264
|
2014-03-4 05:47 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258818
|
- |
|
apache adobe
|
cordova phonegap
|
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanis…
|
CWE-20
Improper Input Validation
|
CVE-2012-6637
|
2014-03-4 05:42 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258819
|
- |
|
apache adobe
|
cordova phonegap
|
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier allow remote attackers to bypass intended device-resource restrictions of an event-based bridge via a crafted library clone that …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1881
|
2014-03-4 05:39 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258820
|
- |
|
apache adobe
|
cordova phonegap
|
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier on Windows Phone 7 and 8 do not properly restrict navigation events, which allows remote attackers to bypass intended device-reso…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1884
|
2014-03-4 05:37 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|