|
259081
|
- |
|
pineapp
|
mail-secure
|
admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter.
|
CWE-287
Improper Authentication
|
CVE-2013-6828
|
2013-11-21 23:45 |
2013-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259082
|
- |
|
pineapp
|
mail-secure
|
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.
|
CWE-94
Code Injection
|
CVE-2013-6829
|
2013-11-21 23:45 |
2013-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259083
|
- |
|
lockon
|
ec-cube
|
The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log …
|
CWE-200
Information Exposure
|
CVE-2013-5991
|
2013-11-21 23:36 |
2013-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259084
|
- |
|
lockon
|
ec-cube
|
Cross-site scripting (XSS) vulnerability in the displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2013-5992
|
2013-11-21 23:36 |
2013-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259085
|
- |
|
lockon
|
ec-cube
|
Cross-site request forgery (CSRF) vulnerability in LOCKON EC-CUBE 2.11.0 through 2.13.0 allows remote attackers to hijack the authentication of arbitrary users via unspecified vectors related to refu…
|
CWE-352
Origin Validation Error
|
CVE-2013-5993
|
2013-11-21 23:35 |
2013-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259086
|
- |
|
lockon
|
ec-cube
|
data/class/pages/mypage/LC_Page_Mypage_DeliveryAddr.php in LOCKON EC-CUBE 2.11.2 through 2.13.0 allows remote attackers to obtain sensitive information via a direct request, which reveals the full pa…
|
CWE-200
Information Exposure
|
CVE-2013-5994
|
2013-11-21 23:35 |
2013-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259087
|
- |
|
cisco
|
nexus_1000v
|
The license-installation module on the Cisco Nexus 1000V switch 4.2(1)SV1(5.2b) and earlier for VMware vSphere, Cisco Nexus 1000V switch 5.2(1)SM1(5.1) for Microsoft Hyper-V, and Cisco Virtual Securi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5556
|
2013-11-21 02:40 |
2013-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259088
|
- |
|
dlink
|
dir865l_firmware
dir865l
|
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DIR865L router (Rev. A1) with firmware before 1.05b07 allow remote attackers to hijack the authentication of administrators for re…
|
CWE-352
Origin Validation Error
|
CVE-2013-3095
|
2013-11-21 02:39 |
2013-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259089
|
- |
|
collectiveaccess
|
pawtucket
providence
|
Cross-site scripting (XSS) vulnerability in CollectiveAccess Providence and Pawtucket before 1.3.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-4507
|
2013-11-21 02:39 |
2013-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259090
|
- |
|
fortinet
|
fortianalyzer_firmware
fortianalyzer-1000d
fortianalyzer-2000b
fortianalyzer-200d
fortianalyzer-3000d
fortianalyzer-300d
fortianalyzer-4000b
|
cgi-bin/module//sysmanager/admin/SYSAdminUserDialog in Fortinet FortiAnalyzer before 5.0.5 does not properly validate the csrf_token parameter, which allows remote attackers to perform cross-site req…
|
CWE-352
Origin Validation Error
|
CVE-2013-6826
|
2013-11-21 02:10 |
2013-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
