258651
|
- |
|
vicidial
|
vicidial
|
Per: http://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2013-4468
|
2014-05-15 22:16 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258652
|
- |
|
katello
|
katello_installer
|
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by readi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4455
|
2014-05-15 22:11 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258653
|
- |
|
openx
|
openx
|
Multiple directory traversal vulnerabilities in OpenX before 2.8.10 revision 82710 allow remote administrators to read arbitrary files via a .. (dot dot) in the group parameter to (1) plugin-preferen…
|
CWE-22
Path Traversal
|
CVE-2013-3514
|
2014-05-15 22:01 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258654
|
- |
|
webmaster-source
|
wp125
|
Cross-site request forgery (CSRF) vulnerability in the Add/Edit page (adminmenus.php) in the WP125 plugin before 1.5.0 for WordPress allows remote attackers to hijack the authentication of administra…
|
CWE-352
Origin Validation Error
|
CVE-2013-2700
|
2014-05-15 21:53 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258655
|
- |
|
glpi-project
|
glpi
|
Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) fi…
|
CWE-89
SQL Injection
|
CVE-2013-2226
|
2014-05-15 21:44 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258656
|
- |
|
galleryproject
|
gallery
|
Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to modules/gallery/controllers/movi…
|
CWE-79
Cross-site Scripting
|
CVE-2013-2087
|
2014-05-15 21:42 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258657
|
- |
|
intersectalliance
|
system_intrusion_analysis_and_reporting_environment
|
Cross-site scripting (XSS) vulnerability in the events page in the System iNtrusion Analysis and Reporting Environment (SNARE) for Linux agent before 1.7.0 allows remote attackers to inject arbitrary…
|
CWE-79
Cross-site Scripting
|
CVE-2011-5249
|
2014-05-15 21:21 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258658
|
- |
|
broadcom
|
pipa_c211_web_interface pipa_c211
|
cgi-bin/rpcBridge in the web interface 1.1 on Broadcom Ltd PIPA C211 rev2 does not properly restrict access, which allows remote attackers to (1) obtain credentials and other sensitive information vi…
|
CWE-310
Cryptographic Issues
|
CVE-2014-2046
|
2014-05-15 03:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258659
|
- |
|
foscam
|
ip_camera_firmware
|
Foscam IP camera 11.37.2.49 and other versions, when using the Foscam DynDNS option, generates credentials based on predictable camera subdomain names, which allows remote attackers to spoof or hijac…
|
CWE-255
Credentials Management
|
CVE-2014-1849
|
2014-05-15 03:43 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258660
|
- |
|
oracle
|
openjdk
|
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-0462.
|
NVD-CWE-noinfo
|
CVE-2014-2405
|
2014-05-15 03:34 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|