|
259201
|
- |
|
fatfreecrm
|
fat_free_crm
|
Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a dif…
|
CWE-200
Information Exposure
|
CVE-2013-7249
|
2014-01-4 01:57 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259202
|
- |
|
cybozu
|
garoon
|
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
|
CWE-399
Resource Management Errors
|
CVE-2013-6002
|
2014-01-4 00:31 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259203
|
- |
|
cybozu
|
garoon
|
SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2013-6001
|
2014-01-4 00:22 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259204
|
- |
|
cybozu
|
garoon
|
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vect…
|
CWE-20
Improper Input Validation
|
CVE-2013-6003
|
2014-01-4 00:21 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259205
|
- |
|
cybozu
|
garoon
|
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6004
|
2014-01-4 00:20 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259206
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6900
|
2014-01-4 00:20 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259207
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6902
|
2014-01-4 00:19 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259208
|
- |
|
projectforge
|
projectforge
|
Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message.
|
CWE-79
Cross-site Scripting
|
CVE-2011-5269
|
2014-01-3 03:21 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259209
|
- |
|
op5
|
monitor
|
op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0264
|
2014-01-3 01:39 |
2014-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259210
|
- |
|
op5
|
monitor
|
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are tri…
|
CWE-200
Information Exposure
|
CVE-2012-0263
|
2014-01-3 01:35 |
2014-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
