|
257591
|
- |
|
dotclear
|
dotclear
|
The dcXmlRpc::setUser method in nc/core/class.dc.xmlrpc.php in Dotclear before 2.6.3 allows remote attackers to bypass authentication via an empty password in an XML-RPC request.
|
CWE-287
Improper Authentication
|
CVE-2014-3781
|
2014-06-13 00:51 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257592
|
- |
|
mplayer2
ricardo_villalba
|
mplayer2
smplayer
|
Stack-based buffer overflow in the sub_read_line_sami function in subreader.c in MPlayer, as used in SMPlayer 0.6.9, allows remote attackers to cause a denial of service (crash) and possibly execute …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2011-3625
|
2014-06-12 22:27 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257593
|
- |
|
jzip
|
jzip
|
Stack-based buffer overflow in Jzip 1.3 through 2.0.0.132900 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a long file name in a zip archive.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-5300
|
2014-06-12 22:08 |
2014-06-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257594
|
- |
|
cisofy
|
lynis
|
include/tests_webservers in Lynis before 1.5.5 allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.*.unsorted file with an easily determined name.
|
CWE-59
Link Following
|
CVE-2014-3986
|
2014-06-10 02:23 |
2014-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257595
|
- |
|
cisofy
|
lynis
|
include/tests_webservers in Lynis before 1.5.5 on AIX allows local users to overwrite arbitrary files via a symlink attack on a /tmp/lynis.##### file.
|
CWE-59
Link Following
|
CVE-2014-3982
|
2014-06-10 02:14 |
2014-06-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257596
|
- |
|
ddsn
|
cm3_acora_content_management_system
|
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a .. (dot dot) in the "l" parameter…
|
CWE-200
Information Exposure
|
CVE-2013-4728
|
2014-06-9 23:27 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257597
|
- |
|
ddsn
|
cm3_acora_content_management_system
|
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, allows remote attackers to obtain sensitive information via a request to Admin/top.aspx.
|
CWE-200
Information Exposure
|
CVE-2013-4727
|
2014-06-9 23:19 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257598
|
- |
|
ddsn
|
cm3_acora_content_management_system
|
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not set the secure flag for an unspecified cookie in an https session, which makes it easi…
|
CWE-200
Information Exposure
|
CVE-2013-4725
|
2014-06-9 23:18 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257599
|
- |
|
ddsn
|
cm3_acora_content_management_system
|
DDSN Interactive cm3 Acora CMS 6.0.6/1a, 6.0.2/1a, 5.5.7/12b, 5.5.0/1b-p1, and possibly other versions, does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which make…
|
CWE-200
Information Exposure
|
CVE-2013-4724
|
2014-06-9 23:07 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257600
|
- |
|
myheritage
|
sequeryobject_activex_control
|
Multiple array index errors in the MyHeritage SEQueryObject ActiveX control (SearchEngineQuery.dll) 1.0.2.0 allow remote attackers to execute arbitrary code via the (1) seTokensArray, or (2) seTokens…
|
NVD-CWE-Other
|
CVE-2013-2602
|
2014-06-9 23:04 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
