260541
|
- |
|
js-yaml_project
|
js-yaml
|
The JS-YAML module before 2.0.5 for Node.js parses input without properly considering the unsafe !!js/function tag, which allows remote attackers to execute arbitrary code via a crafted string that t…
|
CWE-20
Improper Input Validation
|
CVE-2013-4660
|
2013-07-1 23:51 |
2013-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260542
|
- |
|
digital_alert_systems monroe_electronics
|
dasdec_eas r189_one-net_eas
|
The web server on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 allows remote attackers to obtain sensitive configuration an…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4733
|
2013-07-1 13:00 |
2013-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260543
|
- |
|
cisco
|
ironport_asyncos
|
The web framework in IronPort AsyncOS on Cisco Web Security Appliance devices before 7.1.3-013, 7.5 before 7.5.0-838, and 7.7 before 7.7.0-550 allows remote authenticated users to execute arbitrary c…
|
CWE-94
Code Injection
|
CVE-2013-3383
|
2013-06-28 13:00 |
2013-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260544
|
- |
|
cisco
|
prime_central_for_hosted_collaboration_solution
|
The web framework in Cisco Prime Central for Hosted Collaboration Solution (HCS) Assurance provides different responses to requests for arbitrary pathnames depending on whether the pathname exists, w…
|
CWE-200
Information Exposure
|
CVE-2013-3398
|
2013-06-28 07:41 |
2013-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260545
|
- |
|
cisco
|
adaptive_security_appliance
|
The Next-Generation Firewall (aka NGFW, formerly CX Context-Aware Security) module 9.x before 9.1.1.9 and 9.1.2.x before 9.1.2.12 for Cisco Adaptive Security Appliances (ASA) devices allows remote at…
|
CWE-20
Improper Input Validation
|
CVE-2013-3382
|
2013-06-28 05:50 |
2013-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260546
|
- |
|
kristof_de_jaeger
|
display_suite
|
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users with certain permissions to inject …
|
CWE-79
Cross-site Scripting
|
CVE-2013-2177
|
2013-06-27 04:23 |
2013-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260547
|
- |
|
fortinet
|
fortios
|
Fortinet FortiOS before 5.0.3 on FortiGate devices does not properly restrict Guest capabilities, which allows remote authenticated users to read, modify, or delete the records of arbitrary users by …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4604
|
2013-06-26 23:45 |
2013-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260548
|
- |
|
steve_j_baker
|
plib
|
Stack-based buffer overflow in the error function in ssg/ssgParser.cxx in PLIB 1.8.5 allows remote attackers to execute arbitrary code via a crafted 3d model file that triggers a long error message, …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-4552
|
2013-06-26 12:14 |
2012-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260549
|
- |
|
agilefleet
|
fleetcommander fleetcommander_kiosk
|
Multiple SQL injection vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2012-4941
|
2013-06-26 12:14 |
2012-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260550
|
- |
|
agilefleet
|
fleetcommander fleetcommander_kiosk
|
Multiple cross-site scripting (XSS) vulnerabilities in Agile FleetCommander and FleetCommander Kiosk before 4.08 allow remote attackers to inject arbitrary web script or HTML via an arbitrary text fi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4942
|
2013-06-26 12:14 |
2012-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|