|
257671
|
- |
|
robert_ancell
canonical
|
lightdm
ubuntu_linux
|
debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0943
|
2014-05-30 09:19 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257672
|
- |
|
apache
|
couchdb
|
Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash.
|
CWE-94
Code Injection
|
CVE-2012-5649
|
2014-05-30 09:16 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257673
|
- |
|
krisonav
|
krisonav
|
Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2013-2712
|
2014-05-30 08:44 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257674
|
- |
|
krisonav
|
krisonav
|
Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user a…
|
CWE-352
Origin Validation Error
|
CVE-2013-2713
|
2014-05-30 08:44 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257675
|
- |
|
usercake
|
usercake
|
Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that c…
|
CWE-352
Origin Validation Error
|
CVE-2014-3866
|
2014-05-30 08:22 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257676
|
- |
|
izarc
|
izarc
|
IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote…
|
CWE-94
Code Injection
|
CVE-2014-2720
|
2014-05-30 08:21 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257677
|
- |
|
glpi-project
|
glpi
|
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
|
NVD-CWE-Other
|
CVE-2013-2225
|
2014-05-29 02:07 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257678
|
- |
|
glpi-project
|
glpi
|
Per: http://cwe.mitre.org/data/definitions/502.html
"CWE-502: Deserialization of Untrusted Data"
|
NVD-CWE-Other
|
CVE-2013-2225
|
2014-05-29 02:07 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257679
|
- |
|
dovecot
|
dovecot
|
The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters.
|
CWE-20
Improper Input Validation
|
CVE-2013-2111
|
2014-05-29 01:25 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257680
|
- |
|
bib2html_project
|
bib2html
|
Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3870
|
2014-05-28 23:02 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
