|
258861
|
- |
|
amberdms
|
amberdms_billing_system
|
Amberdms Billing System (ABS) before 1.4.1, when a multi-instance installation is configured, might allow local users to obtain sensitive information by reading the cache in between runs of the inclu…
|
CWE-200
Information Exposure
|
CVE-2010-5292
|
2014-01-11 03:36 |
2014-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258862
|
- |
|
amberdms
|
amberdms_billing_system
|
Amberdms Billing System (ABS) before 1.4.1 does not properly implement blacklisting after detection of invalid login attempts, which makes it easier for remote attackers to obtain access via a brute-…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2010-5291
|
2014-01-11 03:35 |
2014-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258863
|
- |
|
paratrooper-newrelic_project
|
paratrooper-newrelic
|
The paratrooper-newrelic gem 1.0.1 for Ruby allows local users to obtain the X-Api-Key value by listing the curl process.
|
CWE-200
Information Exposure
|
CVE-2014-1234
|
2014-01-11 02:57 |
2014-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258864
|
- |
|
tobias_maier
|
paratrooper-pingdom
|
The paratrooper-pingdom gem 1.0.0 for Ruby allows local users to obtain the App-Key, username, and password values by listing the curl process.
|
CWE-200
Information Exposure
|
CVE-2014-1233
|
2014-01-11 02:53 |
2014-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258865
|
- |
|
nisuta
|
ns-wir150ne_firmware
ns-wir150ne
ns-wir300n_firmware
ns-wir300n
|
The management web interface on the Nisuta NS-WIR150NE router with firmware 5.07.41 and Nisuta NS-WIR300N router with firmware 5.07.36_NIS01 allows remote attackers to bypass authentication via a "Co…
|
CWE-287
Improper Authentication
|
CVE-2013-7282
|
2014-01-11 02:37 |
2014-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258866
|
- |
|
cynthia_fridsma
|
horizon_quick_content_management_system
|
SQL injection vulnerability in download.php in Horizon Quick Content Management System (QCMS) 4.0 and earlier allows remote to execute arbitrary SQL commands via the category parameter.
|
CWE-89
SQL Injection
|
CVE-2013-7139
|
2014-01-11 01:04 |
2014-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258867
|
- |
|
libreswan
|
libreswan
|
Race condition in the libreswan.spec files for Red Hat Enterprise Linux (RHEL) and Fedora packages in libreswan 3.6 has unspecified impact and attack vectors, involving the /var/tmp/libreswan-nss-pwd…
|
CWE-362
Race Condition
|
CVE-2013-7283
|
2014-01-11 00:07 |
2014-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258868
|
- |
|
ecava
|
integraxor
|
The SCADA server in Ecava IntegraXor before 4.1.4369 allows remote attackers to read arbitrary project backup files via a crafted URL.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0752
|
2014-01-10 23:56 |
2014-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258869
|
- |
|
synology
|
diskstation_manager
|
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, an…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6955
|
2014-01-10 22:54 |
2014-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258870
|
- |
|
xen
|
xen
|
The instruction emulation in Xen 3.0.3 allows local SMP guest users to cause a denial of service (host crash) by replacing the instruction that causes the VM to exit in one thread with a different in…
|
CWE-20
Improper Input Validation
|
CVE-2011-1780
|
2014-01-9 02:46 |
2014-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
