|
258891
|
- |
|
cybozu
|
garoon
|
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input.
|
CWE-89
SQL Injection
|
CVE-2013-6929
|
2013-12-31 01:39 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258892
|
- |
|
realvnc
|
realvnc
|
RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6886
|
2013-12-31 01:33 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258893
|
- |
|
zend
|
zendto
|
Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6808
|
2013-12-31 01:14 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258894
|
- |
|
cybozu
|
garoon
|
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request.
|
CWE-287
Improper Authentication
|
CVE-2013-6006
|
2013-12-31 00:22 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258895
|
- |
|
redhat
|
jboss_enterprise_portal_platform
|
Multiple cross-site scripting (XSS) vulnerabilities in the GateIn Portal component in Red Hat JBoss Portal 6.1.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-4424
|
2013-12-28 02:44 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258896
|
- |
|
chamilo
|
chamilo_lms
|
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remo…
|
CWE-89
SQL Injection
|
CVE-2013-6787
|
2013-12-28 02:40 |
2013-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258897
|
- |
|
x
|
x_display_manager
|
X.Org xdm 1.1.10, 1.1.11, and possibly other versions, when performing authentication using certain implementations of the crypt API function that can return NULL, allows remote attackers to cause a …
|
CWE-310
Cryptographic Issues
|
CVE-2013-2179
|
2013-12-28 01:00 |
2013-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258898
|
- |
|
apple
|
quicktime
|
Untrusted search path vulnerability in the Picture Viewer in Apple QuickTime before 7.6.8 allows local users, and possibly remote attackers, to execute arbitrary code and conduct DLL hijacking attack…
|
NVD-CWE-Other
|
CVE-2010-1819
|
2013-12-28 00:27 |
2013-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258899
|
- |
|
apple
|
quicktime
|
Per: http://cwe.mitre.org/data/definitions/426.html
"CWE-426: Untrusted Search Path"
|
NVD-CWE-Other
|
CVE-2010-1819
|
2013-12-28 00:27 |
2013-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258900
|
- |
|
redhat
|
enterprise_virtualization_hypervisor
|
libspice, as used in QEMU-KVM in Red Hat Enterprise Virtualization Hypervisor (aka RHEV-H or rhev-hypervisor) before 5.5-2.2 and possibly other products, allows guest OS users to read from or write t…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2010-0430
|
2013-12-28 00:20 |
2013-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
