259601
|
- |
|
open-xchange
|
open-xchange_appsuite
|
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange AppSuite before 7.2.2 allow remote authenticated users to inject arbitrary web script or HTML via (1) content with the text/xml MIM…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5690
|
2013-10-5 01:41 |
2013-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259602
|
- |
|
corel
|
pdf_fusion
|
Untrusted search path vulnerability in Corel PDF Fusion 1.11 allows local users to gain privileges via a Trojan horse wintab32.dll file in the current working directory, as demonstrated by a director…
|
NVD-CWE-Other
|
CVE-2013-3248
|
2013-10-5 01:37 |
2013-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259603
|
- |
|
corel
|
pdf_fusion
|
Per: http://cwe.mitre.org/data/definitions/426.html
'CWE-426 Untrusted Search Path'
|
NVD-CWE-Other
|
CVE-2013-3248
|
2013-10-5 01:37 |
2013-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259604
|
- |
|
apache
|
roller
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the admin/editor console in Apache Roller before 5.0.1 allow remote attackers to hijack the authentication of admins or editors by levera…
|
CWE-352
Origin Validation Error
|
CVE-2012-2380
|
2013-10-5 00:11 |
2012-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259605
|
- |
|
open-xchange
|
open-xchange_appsuite
|
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting …
|
CWE-94
Code Injection
|
CVE-2013-6009
|
2013-10-4 23:18 |
2013-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259606
|
- |
|
apache
|
roller
|
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.1 allow remote authenticated users to inject arbitrary web script or HTML by leveraging the blogger role.
|
CWE-79
Cross-site Scripting
|
CVE-2012-2381
|
2013-10-4 04:45 |
2012-06-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259607
|
- |
|
mozilla
|
bugzilla
|
Bugzilla 4.1.x and 4.2.x before 4.2.2 and 4.3.x before 4.3.2 uses bug-editor privileges instead of bugmail-recipient privileges during construction of HTML bugmail documents, which allows remote atta…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1968
|
2013-10-4 03:50 |
2012-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259608
|
- |
|
piwigo
|
piwigo
|
Cross-site request forgery (CSRF) vulnerability in the LocalFiles Editor plugin in Piwigo before 2.4.7 allows remote attackers to hijack the authentication of administrators for requests that create …
|
CWE-352
Origin Validation Error
|
CVE-2013-1468
|
2013-10-4 03:49 |
2013-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259609
|
- |
|
sophos
|
unified_threat_management_software
|
Unspecified vulnerability in WebAdmin in Sophos UTM (aka Astaro Security Gateway) before 9.105 has unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2013-5932
|
2013-10-4 03:35 |
2013-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259610
|
- |
|
cisco
|
unified_computing_system
|
Absolute path traversal vulnerability in the image-download process in the fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to overwrite or delete arbitrary fi…
|
CWE-22
Path Traversal
|
CVE-2012-4104
|
2013-10-4 03:32 |
2013-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|