260541
|
- |
|
apache
|
rave
|
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demon…
|
CWE-200
Information Exposure
|
CVE-2013-1814
|
2013-07-4 02:03 |
2013-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260542
|
- |
|
apple
|
mac_os_x mac_os_x_server
|
load_webdav in Apple Mac OS X 10.3.9 through 10.4.9 does not properly clean the environment when mounting a WebDAV filesystem, which allows local users to gain privileges by setting unspecified envir…
|
NVD-CWE-Other
|
CVE-2007-0747
|
2013-07-4 00:33 |
2007-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260543
|
- |
|
onlinetechtools.com
|
owos_lite
|
SQL injection vulnerability in search.asp in Online Work Order Suite (OWOS) Lite Edition for ASP 3.0 allows remote attackers to execute arbitrary SQL commands via the keyword parameter.
|
NVD-CWE-Other
|
CVE-2005-3852
|
2013-07-3 23:48 |
2005-11-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260544
|
- |
|
boxes_project
|
boxes
|
Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web scri…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0259
|
2013-07-3 13:29 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260545
|
- |
|
zeroclipboard_project
|
zeroclipboard
|
Cross-site scripting (XSS) vulnerability in ZeroClipboard before 1.1.4 allows remote attackers to inject arbitrary web script or HTML via "the clipText returned from the flash object," a different vu…
|
CWE-79
Cross-site Scripting
|
CVE-2012-6550
|
2013-07-3 13:29 |
2013-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260546
|
- |
|
cisco
|
telepresence_tc_software
|
The SIP implementation in Cisco TelePresence TC Software allows remote attackers to trigger unintended use of NOTIFY messages via unspecified vectors, aka Bug ID CSCud96080.
|
NVD-CWE-noinfo
|
CVE-2013-3401
|
2013-07-2 13:00 |
2013-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260547
|
- |
|
kurt_gusbeth
|
myquizpoll
|
SQL injection vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2013-4745
|
2013-07-2 13:00 |
2013-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260548
|
- |
|
kurt_gusbeth
|
myquizpoll
|
Cross-site scripting (XSS) vulnerability in the My quiz and poll (myquizpoll) extension before 2.0.6 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-4746
|
2013-07-2 13:00 |
2013-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260549
|
- |
|
digital_alert_systems monroe_electronics
|
dasdec_eas r189_one-net_eas
|
The Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 have a default password for an administrative account, which makes it easier f…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4735
|
2013-07-2 03:48 |
2013-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260550
|
- |
|
digital_alert_systems monroe_electronics
|
dasdec_eas r189_one-net_eas
|
dasdec_mkuser on the Digital Alert Systems DASDEC EAS device before 2.0-2 and the Monroe Electronics R189 One-Net EAS device before 2.0-2 generates predictable passwords, which might make it easier f…
|
NVD-CWE-noinfo
|
CVE-2013-4734
|
2013-07-2 03:45 |
2013-07-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|