260071 | - | wordpress | wordpress | The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vuln… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-2199 | 2013-08-14 02:21 | 2013-07-9
260072 | - | wordpress | wordpress | WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspeci… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-2200 | 2013-08-14 02:21 | 2013-07-9
260073 | - | tinymce wordpress | media wordpress | moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extracti… | CWE-20 Improper Input Validation | CVE-2013-2204 | 2013-08-14 02:21 | 2013-07-9
260074 | - | cisco | ios ios_xe asa_5500 pix_firewall_software fwsm nx-os staros | The OSPF implementation in Cisco IOS 12.0 through 12.4 and 15.0 through 15.3, IOS-XE 2.x through 3.9.xS, ASA and PIX 7.x through 9.1, FWSM, NX-OS, and StarOS before 14.0.50488 does not properly valid… | NVD-CWE-noinfo | CVE-2013-0149 | 2013-08-14 02:18 | 2013-08-5
260075 | - | ruby-lang | ruby | The safe-level feature in Ruby 1.8.6 through 1.8.6-420, 1.8.7 through 1.8.7-330, and 1.8.8dev allows context-dependent attackers to modify strings via the Exception#to_s method, as demonstrated by ch… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2011-1005 | 2013-08-14 02:00 | 2011-03-3
260076 | - | o-dyn | collabtive | Multiple cross-site scripting (XSS) vulnerabilities in Collabtive 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the (1) User parameter in the edit user profile feature to ma… | CWE-79 Cross-site Scripting | CVE-2010-5284 | 2013-08-14 01:58 | 2012-11-27
260077 | - | open-emr | openemr | Multiple SQL injection vulnerabilities in OpenEMR 4.1.1 allow remote authenticated users to execute arbitrary SQL commands via the (1) start or (2) end parameter to interface/reports/custom_report_ra… | CWE-89 SQL Injection | CVE-2013-4619 | 2013-08-13 23:05 | 2013-08-10
260078 | - | open-emr | openemr | Cross-site scripting (XSS) vulnerability in interface/main/onotes/office_comments_full.php in OpenEMR 4.1.1 allows remote attackers to inject arbitrary web script or HTML via the note parameter. | CWE-79 Cross-site Scripting | CVE-2013-4620 | 2013-08-13 22:56 | 2013-08-10
260079 | - | silverstripe | silverstripe | Multiple cross-site scripting (XSS) vulnerabilities in the SilverStripe e-commerce module 3.0 for SilverStripe CMS allow remote attackers to inject arbitrary web script or HTML via the (1) FirstName,… | CWE-79 Cross-site Scripting | CVE-2012-6458 | 2013-08-13 22:10 | 2013-08-10
260080 | - | selinc | sel-2241 sel-3505 sel-3530 sel-3530-4 | Schweitzer Engineering Laboratories (SEL) SEL-2241, SEL-3505, and SEL-3530 RTAC master devices allow physically proximate attackers to cause a denial of service (infinite loop) via crafted input over… | CWE-20 Improper Input Validation | CVE-2013-2798 | 2013-08-13 05:23 | 2013-08-10