258621
|
- |
|
leon_weber
|
pyxtrlock
|
pyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access …
|
CWE-20
Improper Input Validation
|
CVE-2013-4427
|
2014-05-20 03:11 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258622
|
- |
|
leon_weber
|
pyxtrlock
|
pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash.
|
NVD-CWE-noinfo
|
CVE-2013-4426
|
2014-05-20 02:46 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258623
|
- |
|
quick_tabs_module_project
|
quicktabs
|
The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitiv…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4406
|
2014-05-20 02:10 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258624
|
- |
|
apple
|
itunes
|
Apple iTunes before 11.2.1 on OS X sets world-writable permissions for /Users and /Users/Shared during reboots, which allows local users to modify files, and consequently obtain access to arbitrary u…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1347
|
2014-05-20 01:52 |
2014-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258625
|
- |
|
florian_weber
|
spaces
|
The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4498
|
2014-05-20 01:45 |
2014-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258626
|
- |
|
gitlab
|
gitlab
|
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code …
|
NVD-CWE-Other
|
CVE-2013-4489
|
2014-05-20 01:38 |
2014-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258627
|
- |
|
gitlab
|
gitlab
|
Per: http://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2013-4489
|
2014-05-20 01:38 |
2014-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258628
|
- |
|
flag_module_project
|
flag
|
Eval injection vulnerability in the flag_import_form_validate function in includes/flag.export.inc in the Flag module 7.x-3.0, 7.x-3.5, and earlier for Drupal allows remote authenticated administrato…
|
CWE-94
Code Injection
|
CVE-2014-3453
|
2014-05-20 01:32 |
2014-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258629
|
- |
|
vicidial
|
vicidial
|
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier has a hardcoded password of donotedit for the (1) VDAD and (2) VDCL users, which makes it easier for remote attackers to o…
|
CWE-255
Credentials Management
|
CVE-2013-7382
|
2014-05-20 00:46 |
2014-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258630
|
- |
|
spumko_project
|
hapi_server_framework
|
The hapi server framework 2.0.x and 2.1.x before 2.2.0 for Node.js allows remote attackers to cause a denial of service (file descriptor consumption and process crash) via unspecified vectors.
|
CWE-399
Resource Management Errors
|
CVE-2014-3742
|
2014-05-20 00:22 |
2014-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|