258931
|
- |
|
realvnc
|
realvnc
|
RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6886
|
2013-12-31 01:33 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258932
|
- |
|
zend
|
zendto
|
Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6808
|
2013-12-31 01:14 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258933
|
- |
|
cybozu
|
garoon
|
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request.
|
CWE-287
Improper Authentication
|
CVE-2013-6006
|
2013-12-31 00:22 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258934
|
- |
|
redhat
|
jboss_enterprise_portal_platform
|
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-4424
|
2013-12-28 02:44 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258935
|
- |
|
chamilo
|
chamilo_lms
|
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remo…
|
CWE-89
SQL Injection
|
CVE-2013-6787
|
2013-12-28 02:40 |
2013-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258936
|
- |
|
x
|
x_display_manager
|
X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a …
|
CWE-310
Cryptographic Issues
|
CVE-2013-2179
|
2013-12-28 01:00 |
2013-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258937
|
- |
|
apple
|
quicktime
|
Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attack…
|
NVD-CWE-Other
|
CVE-2010-1819
|
2013-12-28 00:27 |
2013-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258938
|
- |
|
apple
|
quicktime
|
Per: http://cwe.mitre.org/data/definitions/426.html
"CWE-426: Untrusted Search Path"
|
NVD-CWE-Other
|
CVE-2010-1819
|
2013-12-28 00:27 |
2013-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258939
|
- |
|
redhat
|
enterprise_virtualization_hypervisor
|
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write t…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-0430
|
2013-12-28 00:20 |
2013-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258940
|
- |
|
novatech
|
orion5_dnp_master orion5_dnp_slave orion5r_dnp_master orion5r_dnp_slave orionlx_dnp_master orionlx_dnp_slave
|
NovaTech Orion Substation Automation Platform OrionLX DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier and Orion5/Orion5r DNP Master 1.27.38 and DNP Slave 1.23.10 and earlier allow remote attacke…
|
CWE-20
Improper Input Validation
|
CVE-2013-2821
|
2013-12-27 01:44 |
2013-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|