|
257731
|
- |
|
flag_module_project
|
flag
|
Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrato…
|
CWE-94
Code Injection
|
CVE-2014-3453
|
2014-05-20 01:32 |
2014-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257732
|
- |
|
vicidial
|
vicidial
|
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to o…
|
CWE-255
Credentials Management
|
CVE-2013-7382
|
2014-05-20 00:46 |
2014-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257733
|
- |
|
spumko_project
|
hapi_server_framework
|
The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors.
|
CWE-399
Resource Management Errors
|
CVE-2014-3742
|
2014-05-20 00:22 |
2014-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257734
|
- |
|
yokogawa
|
b\/m9000cs_software
b\/m9000cs
centum_cs_1000_software
centum_cs_1000
centum_cs_3000_software
centum_cs_3000
centum_cs_3000_entry_class_software
centum_cs_3000_entry_class
exa…
|
Stack-based buffer overflow in BKESimmgr.exe in the Expanded Test Functions package in Yokogawa CENTUM CS 1000, CENTUM CS 3000 Entry Class R3.09.50 and earlier, CENTUM VP R5.03.00 and earlier, CENTUM…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-0782
|
2014-05-19 23:57 |
2014-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257735
|
- |
|
dotclear
|
dotclear
|
Dotclear before 2.6.2 allows remote attackers to execute arbitrary PHP code via a serialized object in the dc_passwd cookie to a password-protected page, which is not properly handled by (1) inc/publ…
|
CWE-94
Code Injection
|
CVE-2014-1613
|
2014-05-17 03:43 |
2014-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257736
|
- |
|
ucdok
|
tomato
|
The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in t…
|
CWE-287
Improper Authentication
|
CVE-2013-7379
|
2014-05-17 02:55 |
2014-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257737
|
- |
|
bilyoner
|
bilyoner
|
The Bilyoner application before 2.3.1 for Android and before 4.6.2 for iOS does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain se…
|
CWE-310
Cryptographic Issues
|
CVE-2014-3750
|
2014-05-17 02:46 |
2014-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257738
|
- |
|
mantisbt
|
mantisbt
|
Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web scrip…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1810
|
2014-05-16 21:51 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257739
|
- |
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2013-0197
|
2014-05-16 21:44 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257740
|
- |
|
caldera
|
caldera
|
costview3/xmlrpc_server/xmlrpc.php in CostView in Caldera 9.20 allows remote attackers to execute arbitrary commands via shell metacharacters in a methodCall element in a PHP XMLRPC request.
|
CWE-78
OS Command
|
CVE-2014-2935
|
2014-05-16 13:26 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
