257531 | - | hot | hotbox_router_firmware hotbox_router | The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session. | CWE-287 Improper Authentication | CVE-2013-5038 | 2013-12-31 04:14 | 2013-12-30
257532 | - | hot | hotbox_router_firmware hotbox_router | The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages. | CWE-255 Credentials Management | CVE-2013-5037 | 2013-12-31 04:12 | 2013-12-30
257533 | - | microsoft | windows_movie_maker | Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav. | CWE-20 Improper Input Validation | CVE-2013-4858 | 2013-12-31 03:50 | 2013-12-30
257534 | - | irfanview | irfanview | Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly han… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2013-6932 | 2013-12-31 01:48 | 2013-12-28
257535 | - | cybozu | garoon | SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. | CWE-89 SQL Injection | CVE-2013-6929 | 2013-12-31 01:39 | 2013-12-28
257536 | - | realvnc | realvnc | RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-6886 | 2013-12-31 01:33 | 2013-12-28
257537 | - | zend | zendto | Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php. | CWE-79 Cross-site Scripting | CVE-2013-6808 | 2013-12-31 01:14 | 2013-12-28
257538 | - | cybozu | garoon | Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. | CWE-287 Improper Authentication | CVE-2013-6006 | 2013-12-31 00:22 | 2013-12-28
257539 | - | redhat | jboss_enterprise_portal_platform | Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-site Scripting | CVE-2013-4424 | 2013-12-28 02:44 | 2013-12-24
257540 | - | chamilo | chamilo_lms | SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remo… | CWE-89 SQL Injection | CVE-2013-6787 | 2013-12-28 02:40 | 2013-12-6