|
258171
|
- |
|
emc
|
rsa_adaptive_authentication_on-premise
|
Cross-site scripting (XSS) vulnerability in the back-office case-management application in RSA Adaptive Authentication (On-Premise) 6.x and 7.x before 7.1 SP0 P2 allows remote authenticated users to …
|
CWE-79
Cross-site Scripting
|
CVE-2014-0637
|
2014-04-5 01:34 |
2014-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258172
|
- |
|
crowbar
novell
|
barclamp
suse_cloud
|
Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass secur…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0592
|
2014-04-5 01:20 |
2014-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258173
|
- |
|
roberta_bramski
|
uploader
|
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or …
|
CWE-79
Cross-site Scripting
|
CVE-2013-2287
|
2014-04-5 01:01 |
2014-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258174
|
- |
|
koushik_dutta
google
|
superuser
android
|
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6770
|
2014-04-4 02:09 |
2014-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258175
|
- |
|
b2evolution
|
b2evolution
|
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL inj…
|
CWE-352
Origin Validation Error
|
CVE-2013-7352
|
2014-04-4 00:36 |
2014-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258176
|
- |
|
dotcms
|
dotcms
|
Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/logi…
|
CWE-79
Cross-site Scripting
|
CVE-2013-3484
|
2014-04-4 00:13 |
2014-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258177
|
- |
|
apple
|
safari
|
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read …
|
CWE-20
Improper Input Validation
|
CVE-2014-1297
|
2014-04-3 02:07 |
2014-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258178
|
- |
|
cisco
|
security_manager
|
CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL,…
|
CWE-20
Improper Input Validation
|
CVE-2014-2138
|
2014-04-3 01:56 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258179
|
- |
|
cisco
|
web_security_virtual_appliance
web_security_appliance
|
CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a …
|
CWE-20
Improper Input Validation
|
CVE-2014-2137
|
2014-04-3 01:28 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258180
|
- |
|
pearson
|
esis_enterprise_student_information_system
|
Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise Student Information System allows remote attackers to inject arbitrary web script or HTML via unspeci…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1942
|
2014-04-3 01:05 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
