|
258601
|
- |
|
cisco
|
unified_web_and_e-mail_interaction_manager
|
system/egain/chat/entrypoint in Cisco Unified Web and E-mail Interaction Manager 9.0(2) allows remote attackers to have an unspecified impact by injecting a spoofed XML external entity.
|
CWE-20
Improper Input Validation
|
CVE-2014-2194
|
2014-05-20 22:57 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258602
|
- |
|
cisco
|
unified_web_and_e-mail_interaction_manager
|
Cisco Unified Web and E-Mail Interaction Manager places session identifiers in GET requests, which allows remote attackers to inject conversation text by obtaining a valid identifier, aka Bug ID CSCu…
|
CWE-20
Improper Input Validation
|
CVE-2014-2193
|
2014-05-20 22:56 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258603
|
- |
|
sap
|
netweaver
|
SAP NetWeaver 7.20 and earlier allows remote attackers to read arbitrary SAP Central User Administration (SAP CUA) tables via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2014-3787
|
2014-05-20 21:43 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258604
|
- |
|
livezilla
|
livezilla
|
LiveZilla 5.1.2.1 and earlier includes the MD5 hash of the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which allows remote attackers to obtain sensitive…
|
CWE-310
Cryptographic Issues
|
CVE-2013-7385
|
2014-05-20 21:08 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258605
|
- |
|
livezilla
|
livezilla
|
LiveZilla before 5.1.2.1 includes the operator password in plaintext in Javascript code that is generated by lz/mobile/chat.php, which might allow remote attackers to obtain sensitive information and…
|
CWE-310
Cryptographic Issues
|
CVE-2013-7033
|
2014-05-20 21:03 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258606
|
- |
|
openvas
|
openvas_administrator
|
OpenVAS Administrator 1.2 before 1.2.2 and 1.3 before 1.3.2 allows remote attackers to bypass the OAP authentication restrictions and execute OAP commands via a crafted OAP request for version inform…
|
CWE-287
Improper Authentication
|
CVE-2013-6766
|
2014-05-20 20:37 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258607
|
- |
|
vicidial
|
vicidial
|
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQ…
|
CWE-89
SQL Injection
|
CVE-2013-4467
|
2014-05-20 13:06 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258608
|
- |
|
netweblogic
|
events_manager
events_manager_pro
|
Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web s…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1407
|
2014-05-20 13:00 |
2014-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258609
|
- |
|
unrealircd
|
unrealircd
|
UnrealIRCd 3.2.10 before 3.2.10.2 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via unspecified vectors, related to SSL. NOTE: this issue was SPLIT from C…
|
NVD-CWE-Other
|
CVE-2013-7384
|
2014-05-20 04:23 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258610
|
- |
|
unrealircd
|
unrealircd
|
Per: http://cwe.mitre.org/data/definitions/476.html
"CWE-476: NULL Pointer Dereference"
|
NVD-CWE-Other
|
CVE-2013-7384
|
2014-05-20 04:23 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
