259781 | - | hot | hotbox_router_firmware hotbox_router | Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not… | CWE-79 Cross-site Scripting | CVE-2013-5218 | 2013-12-31 04:27 | 2013-12-30 |
259782 | - | hot | hotbox_router_firmware hotbox_router | Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/pass… | CWE-22 Path Traversal | CVE-2013-5219 | 2013-12-31 04:26 | 2013-12-30 |
259783 | - | hot | hotbox_router_firmware hotbox_router | Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for re… | CWE-352 Origin Validation Error | CVE-2013-5039 | 2013-12-31 04:25 | 2013-12-30 |
259784 | - | hot | hotbox_router_firmware hotbox_router | The HOT HOTBOX router with software 2.1.11 allows remote attackers to bypass authentication by configuring a source IP address that had previously been used for an authenticated session. | CWE-287 Improper Authentication | CVE-2013-5038 | 2013-12-31 04:14 | 2013-12-30 |
259785 | - | hot | hotbox_router_firmware hotbox_router | The HOT HOTBOX router with software 2.1.11 has a default WPS PIN of 12345670, which makes it easier for remote attackers to obtain the WPA or WPA2 pre-shared key via EAP messages. | CWE-255 Credentials Management | CVE-2013-5037 | 2013-12-31 04:12 | 2013-12-30 |
259786 | - | microsoft | windows_movie_maker | Microsoft Windows Movie Maker 2.1.4026.0 on Windows XP SP3 allows remote attackers to cause a denial of service (application crash) via a crafted .wav file, as demonstrated by movieMaker.wav. | CWE-20 Improper Input Validation | CVE-2013-4858 | 2013-12-31 03:50 | 2013-12-30 |
259787 | - | irfanview | irfanview | Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly han… | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2013-6932 | 2013-12-31 01:48 | 2013-12-28 |
259788 | - | cybozu | garoon | SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. | CWE-89 SQL Injection | CVE-2013-6929 | 2013-12-31 01:39 | 2013-12-28 |
259789 | - | realvnc | realvnc | RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-6886 | 2013-12-31 01:33 | 2013-12-28 |
259790 | - | zend | zendto | Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php. | CWE-79 Cross-site Scripting | CVE-2013-6808 | 2013-12-31 01:14 | 2013-12-28 |