259461
|
- |
|
courion
|
access_risk_management_suite
|
The password reset feature in Courion Access Risk Management Suite Version 8 Update 9 allows remote authenticated users to bypass intended Internet Explorer usage restrictions and execute arbitrary c…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2747
|
2014-02-22 04:48 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259462
|
- |
|
cybozu
|
garoon
|
SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x b…
|
CWE-89
SQL Injection
|
CVE-2013-6930
|
2014-02-22 04:45 |
2014-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259463
|
- |
|
cybozu
|
garoon
|
SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than …
|
CWE-89
SQL Injection
|
CVE-2013-6931
|
2014-02-22 04:44 |
2014-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259464
|
- |
|
hp
|
linux_imaging_and_printing_project
|
HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operation…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6108
|
2014-02-22 04:43 |
2014-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259465
|
- |
|
civicrm
|
civicrm
|
CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4661
|
2014-02-22 04:35 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259466
|
- |
|
civicrm
|
civicrm
|
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to …
|
CWE-89
SQL Injection
|
CVE-2013-4662
|
2014-02-22 04:29 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259467
|
- |
|
springsignage
|
xibo
|
Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a…
|
CWE-352
Origin Validation Error
|
CVE-2013-4889
|
2014-02-22 04:15 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259468
|
- |
|
springsignage
|
xibo
|
Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page.
|
CWE-79
Cross-site Scripting
|
CVE-2013-4888
|
2014-02-22 04:13 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259469
|
- |
|
op5
|
monitor
|
Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization.
|
NVD-CWE-noinfo
|
CVE-2013-6141
|
2014-02-22 04:07 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259470
|
- |
|
webhive
|
timeline
|
Unrestricted file upload vulnerability in the user profile page feature in the Timeline Plugin 4.2.5p9 for SocialEngine allows remote authenticated users to execute arbitrary code by uploading a file…
|
NVD-CWE-Other
|
CVE-2013-4898
|
2014-02-22 04:06 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|