257831
|
- |
|
12net
|
login_rebuilder
|
Cross-site request forgery (CSRF) vulnerability in the Login rebuilder plugin before 1.2.0 for WordPress allows remote attackers to hijack the authentication of arbitrary users.
|
CWE-352
Origin Validation Error
|
CVE-2014-3882
|
2014-06-25 23:35 |
2014-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257832
|
- |
|
bmc
|
patrol_agent
|
Untrusted search path vulnerability in BMC Patrol for AIX 3.9.00 allows local users to gain privileges via a crafted library, related to an incorrect RPATH setting.
|
NVD-CWE-Other
|
CVE-2014-2591
|
2014-06-25 03:45 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257833
|
- |
|
bmc
|
patrol_agent
|
Per: http://cwe.mitre.org/data/definitions/426.html
"CWE-426: Untrusted Search Path"
|
NVD-CWE-Other
|
CVE-2014-2591
|
2014-06-25 03:45 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257834
|
- |
|
simple_popup_project
|
simple_popup
|
Cross-site scripting (XSS) vulnerability in popup.php in the Simple Popup Images plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via the z parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3921
|
2014-06-25 02:21 |
2014-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257835
|
- |
|
dancer
|
dancer
|
CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v…
|
CWE-20
Improper Input Validation
|
CVE-2012-5572
|
2014-06-25 02:07 |
2014-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257836
|
- |
|
citrix
|
vdi-in-a-box
|
Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.
|
CWE-287
Improper Authentication
|
CVE-2014-3780
|
2014-06-25 01:50 |
2014-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257837
|
- |
|
mate-desktop
|
mate-settings-daemon
|
The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5560
|
2014-06-25 01:27 |
2014-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257838
|
- |
|
debian
|
dpkg
|
dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with no…
|
CWE-22
Path Traversal
|
CVE-2014-3227
|
2014-06-25 00:55 |
2014-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257839
|
- |
|
owncloud
|
owncloud
|
Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE…
|
NVD-CWE-noinfo
|
CVE-2013-0302
|
2014-06-25 00:49 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257840
|
- |
|
owncloud
|
owncloud
|
ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."
|
CWE-94
Code Injection
|
CVE-2014-2051
|
2014-06-25 00:38 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|