|
257611
|
- |
|
enorth
|
webpublisher_cms
|
SQL injection vulnerability in m_worklog/log_searchday.jsp in Enorth Webpublisher CMS, possibly 5.0 and earlier, allows remote attackers to execute arbitrary SQL commands via the thisday parameter.
|
CWE-89
SQL Injection
|
CVE-2013-6985
|
2013-12-12 04:22 |
2013-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257612
|
- |
|
cmsmadesimple
|
cms_made_simple
|
Cross-site scripting (XSS) vulnerability in admin/editevent.php in CMS Made Simple (CMSMS) 1.11.9 allows remote authenticated users with the "Modify Events" permission to inject arbitrary web script …
|
CWE-79
Cross-site Scripting
|
CVE-2013-3929
|
2013-12-11 06:14 |
2013-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257613
|
- |
|
ffmpeg
|
ffmpeg
|
Buffer overflow in FFmpeg before 0.5.6, 0.6.x before 0.6.4, 0.7.x before 0.7.8, and 0.8.x before 0.8.8 allows remote attackers to execute arbitrary code via unspecified vectors.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-4351
|
2013-12-11 02:04 |
2013-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257614
|
- |
|
djangoproject
|
django
|
Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_…
|
CWE-22
Path Traversal
|
CVE-2013-4315
|
2013-12-10 15:05 |
2013-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257615
|
- |
|
debian
|
adequate
|
Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6409
|
2013-12-10 05:52 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257616
|
- |
|
twibright
|
links
|
Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables.
|
CWE-189
Numeric Errors
|
CVE-2013-6050
|
2013-12-10 05:02 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257617
|
- |
|
supmua
|
sup
|
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
|
CWE-94
Code Injection
|
CVE-2013-4478
|
2013-12-10 02:54 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257618
|
- |
|
steven_jones
|
context
|
The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support t…
|
CWE-94
Code Injection
|
CVE-2013-4446
|
2013-12-10 02:38 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257619
|
- |
|
steven_jones
|
context
|
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4445
|
2013-12-10 02:36 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257620
|
- |
|
apache
|
roller
|
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RS…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4171
|
2013-12-10 02:09 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
