258571
|
- |
|
krisonav
|
krisonav
|
Cross-site request forgery (CSRF) vulnerability in users_maint.html in KrisonAV CMS before 3.0.2 allows remote attackers to hijack the authentication of administrators for requests that create user a…
|
CWE-352
Origin Validation Error
|
CVE-2013-2713
|
2014-05-30 08:44 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258572
|
- |
|
usercake
|
usercake
|
Multiple cross-site request forgery (CSRF) vulnerabilities in user_settings.php in Usercake 2.0.2 and earlier allow remote attackers to hijack the authentication of administrators for requests that c…
|
CWE-352
Origin Validation Error
|
CVE-2014-3866
|
2014-05-30 08:22 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258573
|
- |
|
izarc
|
izarc
|
IZArc 4.1.8 displays a file's name on the basis of a ZIP archive's Central Directory entry, but launches this file on the basis of a ZIP archive's local file header, which allows user-assisted remote…
|
CWE-94
Code Injection
|
CVE-2014-2720
|
2014-05-30 08:21 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258574
|
- |
|
glpi-project
|
glpi
|
inc/ticket.class.php in GLPI 0.83.9 and earlier allows remote attackers to unserialize arbitrary PHP objects via the _predefined_fields parameter to front/ticket.form.php.
|
NVD-CWE-Other
|
CVE-2013-2225
|
2014-05-29 02:07 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258575
|
- |
|
glpi-project
|
glpi
|
Per: http://cwe.mitre.org/data/definitions/502.html
"CWE-502: Deserialization of Untrusted Data"
|
NVD-CWE-Other
|
CVE-2013-2225
|
2014-05-29 02:07 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258576
|
- |
|
dovecot
|
dovecot
|
The IMAP functionality in Dovecot before 2.2.2 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via invalid APPEND parameters.
|
CWE-20
Improper Input Validation
|
CVE-2013-2111
|
2014-05-29 01:25 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258577
|
- |
|
bib2html_project
|
bib2html
|
Cross-site scripting (XSS) vulnerability in the bib2html plugin 0.9.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the styleShortName parameter in an adminStyleAdd…
|
CWE-79
Cross-site Scripting
|
CVE-2014-3870
|
2014-05-28 23:02 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258578
|
- |
|
cisco
|
nx-os nexus_7000 nexus_7000_10-slot nexus_7000_18-slot nexus_7000_9-slot mds_9000 mds_9100
|
The Message Transfer Service (MTS) in Cisco NX-OS before 6.2(7) on MDS 9000 devices and 6.0 before 6.0(2) on Nexus 7000 devices allows remote attackers to cause a denial of service (NULL pointer dere…
|
NVD-CWE-Other
|
CVE-2014-2201
|
2014-05-28 01:31 |
2014-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258579
|
- |
|
cisco
|
nx-os nexus_7000 nexus_7000_10-slot nexus_7000_18-slot nexus_7000_9-slot mds_9000 mds_9100
|
Per: http://cwe.mitre.org/data/definitions/476.html
"CWE-476: NULL Pointer Dereference"
|
NVD-CWE-Other
|
CVE-2014-2201
|
2014-05-28 01:31 |
2014-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258580
|
- |
|
cisco
|
nx-os
|
Cisco NX-OS 5.0 before 5.0(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via an SSH …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2200
|
2014-05-28 01:09 |
2014-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|