257921
|
- |
|
qbnz
|
geshi
|
Multiple directory traversal vulnerabilities in the cssgen contrib module in GeSHi before 1.0.8.11 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) geshi-path or (2) geshi…
|
CWE-22
Path Traversal
|
CVE-2012-3521
|
2014-06-14 00:31 |
2014-06-13 |
|
|
257922
|
- |
|
skyboxsecurity
|
skybox_view_appliance_iso skybox_view_appliance
|
Skybox View Appliances with ISO 6.3.33-2.14, 6.3.31-2.14, 6.4.42-2.54, 6.4.45-2.56, and 6.4.46-2.57 do not properly restrict access to the Admin interface, which allows remote attackers to obtain s…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2084
|
2014-06-13 13:54 |
2014-05-18 |
|
|
257923
|
- |
|
organic_groups_project
|
organic_groups
|
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7065
|
2014-06-13 13:51 |
2014-04-29 |
|
|
257924
|
- |
|
impresscms
|
impresscms
|
Cross-site scripting (XSS) vulnerability in modules/system/admin.php in ImpressCMS 1.3.6.1 allows remote attackers to inject arbitrary web script or HTML via the query parameter in a listimg action.
|
CWE-79
Cross-site Scripting
|
CVE-2014-4036
|
2014-06-13 03:19 |
2014-06-11 |
|
|
257925
|
- |
|
efrontlearning
|
efront
|
Cross-site scripting (XSS) vulnerability in libraries/includes/personal/profile.php in Epignosis eFront 3.6.14.4 allows remote attackers to inject arbitrary web script or HTML via the surname paramet…
|
CWE-79
Cross-site Scripting
|
CVE-2014-4033
|
2014-06-13 02:46 |
2014-06-11 |
|
|
257926
|
- |
|
daiki_ueno
|
libfep
|
libfep 0.0.5 before 0.1.0 does not properly use UNIX domain sockets in the abstract namespace, which allows local users to gain privileges via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3980
|
2014-06-13 02:37 |
2014-06-11 |
|
|
257927
|
- |
|
rocketsoftware
|
rocket_servergraph
|
The userRequest servlet in the Admin Center for Tivoli Storage Manager in Rocket Servergraph allows remote attackers to execute arbitrary commands via a (1) auth, (2) auth_session, (3) auth_simple, (…
|
CWE-94
Code Injection
|
CVE-2014-3915
|
2014-06-13 01:58 |
2014-06-11 |
|
|
257928
|
- |
|
samsung
|
ipolis_device_manager
|
Samsung iPOLiS Device Manager before 1.8.7 allows remote attackers to execute arbitrary code via unspecified values to the (1) Start, (2) ChangeControlLocalName, (3) DeleteDeviceProfile, (4) FrameAdva…
|
CWE-94
Code Injection
|
CVE-2014-3911
|
2014-06-13 01:24 |
2014-06-11 |
|
|
257929
|
- |
|
member_approval_plugin_project
|
member_approval
|
Cross-site request forgery (CSRF) vulnerability in the Member Approval plugin 131109 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change plug…
|
CWE-352
Origin Validation Error
|
CVE-2014-3850
|
2014-06-13 01:10 |
2014-06-11 |
|
|
257930
|
- |
|
dotclear
|
dotclear
|
Multiple incomplete blacklist vulnerabilities in the filemanager::isFileExclude method in the Media Manager in Dotclear before 2.6.3 allow remote authenticated users to execute arbitrary PHP code by …
|
NVD-CWE-Other
|
CVE-2014-3782
|
2014-06-13 01:04 |
2014-06-11 |
|
|