258091
|
- |
|
openx
|
openx
|
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by r…
|
CWE-352
Origin Validation Error
|
CVE-2013-7376
|
2014-05-16 00:00 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258092
|
- |
|
phpcms
|
guesbook_module
|
Multiple cross-site scripting (XSS) vulnerabilities in the Guestbook module for PHPCMS allow remote attackers to inject arbitrary web script or HTML via the (1) list or (2) introduce parameter to ind…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5939
|
2014-05-15 23:43 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258093
|
- |
|
xiaowen_huang
|
yingzhi_python_programming_language
|
Directory traversal vulnerability in the FTP server in YingZhi Python Programming Language for iOS 1.9 allows remote attackers to read and possibly write arbitrary files via a .. (dot dot) in the def…
|
CWE-22
Path Traversal
|
CVE-2013-5655
|
2014-05-15 23:21 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258094
|
- |
|
vicidial
|
vicidial
|
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an …
|
NVD-CWE-Other
|
CVE-2013-4468
|
2014-05-15 22:16 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258095
|
- |
|
vicidial
|
vicidial
|
Per: http://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2013-4468
|
2014-05-15 22:16 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258096
|
- |
|
katello
|
katello_installer
|
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by readi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4455
|
2014-05-15 22:11 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258097
|
- |
|
openx
|
openx
|
Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferen…
|
CWE-22
Path Traversal
|
CVE-2013-3514
|
2014-05-15 22:01 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258098
|
- |
|
webmaster-source
|
wp125
|
Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administra…
|
CWE-352
Origin Validation Error
|
CVE-2013-2700
|
2014-05-15 21:53 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258099
|
- |
|
glpi-project
|
glpi
|
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) fi…
|
CWE-89
SQL Injection
|
CVE-2013-2226
|
2014-05-15 21:44 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258100
|
- |
|
galleryproject
|
gallery
|
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to modules/gallery/controllers/movi…
|
CWE-79
Cross-site Scripting
|
CVE-2013-2087
|
2014-05-15 21:42 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|