|
258391
|
- |
|
dancer
|
dancer
|
CRLF injection vulnerability in the cookie method (lib/Dancer/Cookie.pm) in Dancer before 1.3114 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v…
|
CWE-20
Improper Input Validation
|
CVE-2012-5572
|
2014-06-25 02:07 |
2014-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258392
|
- |
|
citrix
|
vdi-in-a-box
|
Unspecified vulnerability in Citrix VDI-In-A-Box 5.3.x before 5.3.8 and 5.4.x before 5.4.4 allows remote attackers to bypass authentication via unspecified vectors, related to a Java servlet.
|
CWE-287
Improper Authentication
|
CVE-2014-3780
|
2014-06-25 01:50 |
2014-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258393
|
- |
|
mate-desktop
|
mate-settings-daemon
|
The default configuration in mate-settings-daemon 1.5.3 allows local users to change the timezone for the system via a crafted D-Bus call.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5560
|
2014-06-25 01:27 |
2014-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258394
|
- |
|
debian
|
dpkg
|
dpkg 1.15.9, 1.16.x before 1.16.14, and 1.17.x before 1.17.9 expect the patch program to be compliant with a need for the "C-style encoded filenames" feature, but is supported in environments with no…
|
CWE-22
Path Traversal
|
CVE-2014-3227
|
2014-06-25 00:55 |
2014-05-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258395
|
- |
|
owncloud
|
owncloud
|
Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE…
|
NVD-CWE-noinfo
|
CVE-2013-0302
|
2014-06-25 00:49 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258396
|
- |
|
owncloud
|
owncloud
|
ownCloud Server before 5.0.15 and 6.0.x before 6.0.2 allows remote attackers to conduct an LDAP injection attack via unspecified vectors, as demonstrated using a "login query."
|
CWE-94
Code Injection
|
CVE-2014-2051
|
2014-06-25 00:38 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258397
|
- |
|
gordon_heydon
|
secure_pages
|
The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive info…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4595
|
2014-06-25 00:37 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258398
|
- |
|
mambo-foundation
|
mambo_cms
|
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2013-2562
|
2014-06-25 00:34 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258399
|
- |
|
mambo-foundation
|
mambo_cms
|
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2563
|
2014-06-25 00:29 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258400
|
- |
|
mambo-foundation
|
mambo_cms
|
Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.
|
CWE-399
Resource Management Errors
|
CVE-2013-2564
|
2014-06-25 00:20 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
