|
258541
|
- |
|
westerndeal
wordpress
|
advanced_dewplayer
wordpress
|
Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter.
|
CWE-22
Path Traversal
|
CVE-2013-7240
|
2014-02-25 22:18 |
2014-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258542
|
- |
|
apache
|
cloudstack
|
The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-0031
|
2014-02-25 21:38 |
2014-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258543
|
- |
|
icinga
|
icinga
|
Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbit…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-7106
|
2014-02-25 21:19 |
2014-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258544
|
- |
|
almanah_project
|
almanah
|
Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database.
|
CWE-310
Cryptographic Issues
|
CVE-2013-1853
|
2014-02-25 11:44 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258545
|
- |
|
opsview
|
opsview
|
Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors.
|
CWE-352
Origin Validation Error
|
CVE-2013-7256
|
2014-02-25 11:17 |
2014-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258546
|
- |
|
cs-cart
|
cs-cart
|
Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) a…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7317
|
2014-02-25 11:14 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258547
|
- |
|
aphpkb
|
aphpkb
|
Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7289
|
2014-02-25 11:01 |
2014-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258548
|
- |
|
google
|
chrome
|
Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2013-6642
|
2014-02-25 10:55 |
2014-01-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258549
|
- |
|
cru-inc
|
ditto_forensic_fieldstation_firmware
ditto_forensic_fieldstation
|
The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.
|
CWE-255
Credentials Management
|
CVE-2013-6884
|
2014-02-25 10:44 |
2014-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258550
|
- |
|
wordpress
|
wordpress
|
wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by vi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6635
|
2014-02-25 10:38 |
2014-01-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
