|
259691
|
- |
|
skyarts
|
neofiler
|
Directory traversal vulnerability in the NeoFiler application 5.4.3 and earlier, NeoFiler Free application 5.4.3 and earlier, and NeoFiler Lite application 2.4.2 and earlier for Android allows attack…
|
CWE-22
Path Traversal
|
CVE-2014-0805
|
2014-01-14 13:49 |
2014-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259692
|
- |
|
cru-inc
|
ditto_forensic_fieldstation_firmware
ditto_forensic_fieldstation
|
Multiple cross-site scripting (XSS) vulnerabilities in CRU Ditto Forensic FieldStation with firmware 2013Oct15a and earlier allow (1) remote attackers to inject arbitrary web script or HTML via the u…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6882
|
2014-01-14 13:29 |
2013-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259693
|
- |
|
cru-inc
|
ditto_forensic_fieldstation_firmware
ditto_forensic_fieldstation
|
Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests …
|
CWE-352
Origin Validation Error
|
CVE-2013-6883
|
2014-01-14 13:29 |
2013-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259694
|
- |
|
typo3
|
typo3
|
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbit…
|
CWE-310
Cryptographic Issues
|
CVE-2013-7075
|
2014-01-14 13:29 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259695
|
- |
|
typo3
|
typo3
|
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers…
|
NVD-CWE-noinfo
|
CVE-2013-7080
|
2014-01-14 13:29 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259696
|
- |
|
typo3
|
typo3
|
The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary H…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7081
|
2014-01-14 13:29 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259697
|
- |
|
drupal
|
drupal
|
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote att…
|
CWE-94
Code Injection
|
CVE-2013-6385
|
2014-01-14 13:28 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259698
|
- |
|
drupal
|
drupal
|
Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass in…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6386
|
2014-01-14 13:28 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259699
|
- |
|
hp
|
linux_imaging_and_printing_project
|
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local user…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4325
|
2014-01-14 13:27 |
2013-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259700
|
- |
|
redhat
|
enterprise_mrg
|
cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4404
|
2014-01-14 13:27 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
