259071
|
- |
|
koushik_dutta google
|
superuser android
|
The CyanogenMod/ClockWorkMod/Koush Superuser package 1.0.2.1 for Android 4.3 and 4.4 does not properly restrict the set of users who can execute /system/xbin/su with the --daemon option, which allows…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6770
|
2014-04-4 02:09 |
2014-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259072
|
- |
|
b2evolution
|
b2evolution
|
Cross-site request forgery (CSRF) vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL inj…
|
CWE-352
Origin Validation Error
|
CVE-2013-7352
|
2014-04-4 00:36 |
2014-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259073
|
- |
|
dotcms
|
dotcms
|
Multiple cross-site scripting (XSS) vulnerabilities in dotCMS before 2.3.2 allow remote attackers to inject arbitrary web script or HTML via the (1) _loginUserName parameter to application/login/logi…
|
CWE-79
Cross-site Scripting
|
CVE-2013-3484
|
2014-04-4 00:13 |
2014-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259074
|
- |
|
apple
|
safari
|
WebKit, as used in Apple Safari before 6.1.3 and 7.x before 7.0.3, does not properly validate WebProcess IPC messages, which allows remote attackers to bypass a sandbox protection mechanism and read …
|
CWE-20
Improper Input Validation
|
CVE-2014-1297
|
2014-04-3 02:07 |
2014-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259075
|
- |
|
cisco
|
security_manager
|
CRLF injection vulnerability in the web framework in Cisco Security Manager 4.2 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a crafted URL,…
|
CWE-20
Improper Input Validation
|
CVE-2014-2138
|
2014-04-3 01:56 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259076
|
- |
|
cisco
|
web_security_virtual_appliance web_security_appliance
|
CRLF injection vulnerability in the web framework in Cisco Web Security Appliance (WSA) 7.7 and earlier allows remote attackers to inject arbitrary HTTP headers and conduct redirection attacks via a …
|
CWE-20
Improper Input Validation
|
CVE-2014-2137
|
2014-04-3 01:28 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259077
|
- |
|
pearson
|
esis_enterprise_student_information_system
|
Cross-site scripting (XSS) vulnerability in aal/loginverification.aspx in Pearson eSIS Enterprise Student Information System allows remote attackers to inject arbitrary web script or HTML via unspeci…
|
CWE-79
Cross-site Scripting
|
CVE-2014-1942
|
2014-04-3 01:05 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259078
|
- |
|
zyxel
|
p-660h-61 p-660h-63 p-660h-67 p-660h-d1 p-660h-d3 p-660h-t1 p-660h-t3 p-660hw p-660hw_d1 p-660hw_d3 p-660hw_t3
|
The web management interface on Zyxel P660 devices allows remote attackers to cause a denial of service (reboot) via a flood of TCP SYN packets.
|
CWE-20
Improper Input Validation
|
CVE-2013-3588
|
2014-04-3 00:29 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259079
|
- |
|
posh_project
|
posh
|
The remember me feature in portal/scr_authentif.php in POSH (aka Posh portal or Portaneo) 3.0, 3.2.1, 3.3.0, and earlier stores the username and MD5 digest of the password in cleartext in a cookie, w…
|
CWE-255
Credentials Management
|
CVE-2014-2212
|
2014-04-3 00:03 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259080
|
- |
|
horde
|
horde_application_framework
|
The framework/Util/lib/Horde/Variables.php script in the Util library in Horde before 5.1.1 allows remote attackers to conduct object injection attacks and execute arbitrary PHP code via a crafted se…
|
CWE-94
Code Injection
|
CVE-2014-1691
|
2014-04-2 23:50 |
2014-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|