| 257811 | - | tinymce | color_picker | Cross-site request forgery (CSRF) vulnerability in the TinyMCE Color Picker plugin before 1.2 for WordPress allows remote attackers to hijack the authentication of unspecified users for requests that… | CWE-352 Origin Validation Error | CVE-2014-3845 | 2014-06-28 01:51 | 2014-05-23 |
| 257812 | - | bizagi | business_process_management_suite | SQL injection vulnerability in workflowenginesoa.asmx in Bizagi BPM Suite through 10.4 allows remote authenticated users to execute arbitrary SQL commands via a crafted SOAP request. | CWE-89 SQL Injection | CVE-2014-2948 | 2014-06-28 01:50 | 2014-05-23 |
| 257813 | - | cogentdatahub | cogent_datahub | Heap-based buffer overflow in the Web Server in Cogent Real-Time Systems Cogent DataHub before 7.3.5 allows remote attackers to execute arbitrary code via a negative value in the Content-Length field… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2014-3788 | 2014-06-28 01:48 | 2014-05-23 |
| 257814 | - | coscms | coscms | The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file. | CWE-78 OS Command | CVE-2013-1668 | 2014-06-28 01:35 | 2014-05-23 |
| 257815 | - | david_bagley | xlockmore | The (1) checkPasswd and (2) checkGroupXlockPasswds functions in xlockmore before 5.43 do not properly handle when a NULL value is returned upon an error by the crypt or dispcrypt function as implemen… | NVD-CWE-Other | CVE-2013-4143 | 2014-06-27 00:46 | 2014-05-30 |
| 257816 | - | david_bagley | xlockmore | per http://cwe.mitre.org/data/definitions/476.html "CWE-476: NULL Pointer Dereference" | NVD-CWE-Other | CVE-2013-4143 | 2014-06-27 00:46 | 2014-05-30 |
| 257817 | - | bitrix | bitrix_e-store_module | The Bitrix e-Store module before 14.0.1 for Bitrix Site Manager uses sequential values for the BITRIX_SM_SALE_UID cookie, which makes it easier for remote attackers to guess the cookie value and bypa… | CWE-287 Improper Authentication | CVE-2013-6788 | 2014-06-27 00:38 | 2014-05-30 |
| 257818 | - | coreftp | core_ftp | Multiple heap-based buffer overflows in the client in Core FTP LE 2.2 build 1798 allow remote FTP servers to cause a denial of service (application crash) and possibly execute arbitrary code via a lo… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2014-4643 | 2014-06-26 23:30 | 2014-06-26 |
| 257819 | - | longtailvideo | jw_player_for_flash_\&_html5_video_plugin | Cross-site request forgery (CSRF) vulnerability in the JW Player plugin before 2.1.4 for WordPress allows remote attackers to hijack the authentication of administrators for requests that remove play… | CWE-352 Origin Validation Error | CVE-2014-4030 | 2014-06-26 23:25 | 2014-06-26 |
| 257820 | - | dell quantum | powervault_ml6000_firmware powervault_ml6000 scalar_i500_firmware scalar_i500 | logViewer.htm on the Dell ML6000 tape backup system with firmware before i8.2.0.2 (641G.GS103) and the Quantum Scalar i500 tape backup system with firmware before i8.2.2.1 (646G.GS002) allows remote … | CWE-78 OS Command | CVE-2014-2959 | 2014-06-26 13:50 | 2014-06-3 |