|
258921
|
- |
|
adtran
|
aos
netvanta_7060
netvanta_7100
|
Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-5210
|
2013-12-31 10:34 |
2013-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258922
|
- |
|
hot
|
hotbox_router_firmware
hotbox_router
|
goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.
|
CWE-20
Improper Input Validation
|
CVE-2013-5220
|
2013-12-31 04:29 |
2013-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258923
|
- |
|
hot
|
hotbox_router_firmware
hotbox_router
|
Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5218
|
2013-12-31 04:27 |
2013-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258924
|
- |
|
hot
|
hotbox_router_firmware
hotbox_router
|
Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/pass…
|
CWE-22
Path Traversal
|
CVE-2013-5219
|
2013-12-31 04:26 |
2013-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258925
|
- |
|
hot
|
hotbox_router_firmware
hotbox_router
|
Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for re…
|
CWE-352
Origin Validation Error
|
CVE-2013-5039
|
2013-12-31 04:25 |
2013-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258926
|
- |
|
hot
|
hotbox_router_firmware
hotbox_router
|
The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session.
|
CWE-287
Improper Authentication
|
CVE-2013-5038
|
2013-12-31 04:14 |
2013-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258927
|
- |
|
hot
|
hotbox_router_firmware
hotbox_router
|
The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages.
|
CWE-255
Credentials Management
|
CVE-2013-5037
|
2013-12-31 04:12 |
2013-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258928
|
- |
|
microsoft
|
windows_movie_maker
|
Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav.
|
CWE-20
Improper Input Validation
|
CVE-2013-4858
|
2013-12-31 03:50 |
2013-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258929
|
- |
|
irfanview
|
irfanview
|
Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly han…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-6932
|
2013-12-31 01:48 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258930
|
- |
|
cybozu
|
garoon
|
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input.
|
CWE-89
SQL Injection
|
CVE-2013-6929
|
2013-12-31 01:39 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
