|
259801
|
- |
|
optimizepress
|
optimizepress
|
Multiple unrestricted file upload vulnerabilities in (1) media-upload.php, (2) media-upload-lncthumb.php, and (3) media-upload-sq_button.php in lib/admin/ in the OptimizePress theme before 1.61 for W…
|
CWE-20
Improper Input Validation
|
CVE-2013-7102
|
2013-12-25 07:07 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259802
|
- |
|
debian
fedoraproject
phil_schwartz
|
debian_linux
fedora
denyhosts
|
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login n…
|
CWE-287
Improper Authentication
|
CVE-2013-6890
|
2013-12-25 02:16 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259803
|
- |
|
novell
|
client
|
The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL.
|
CWE-20
Improper Input Validation
|
CVE-2013-3705
|
2013-12-24 07:29 |
2013-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259804
|
- |
|
cisco
|
nx-os
|
Directory traversal vulnerability in filesys in Cisco NX-OS 6.1(2) and earlier allows local users to access arbitrary files via crafted command-line arguments during a delete action, aka Bug IDs CSCt…
|
CWE-22
Path Traversal
|
CVE-2012-4135
|
2013-12-24 02:15 |
2013-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259805
|
- |
|
cisco
|
nx-os
|
Directory traversal vulnerability in tar in Cisco NX-OS allows local users to access arbitrary files via crafted command-line arguments, aka Bug IDs CSCty07157, CSCty07159, CSCty07162, and CSCty07164.
|
CWE-22
Path Traversal
|
CVE-2012-4131
|
2013-12-24 01:09 |
2013-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259806
|
- |
|
idleman
|
leed
|
Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for un…
|
CWE-352
Origin Validation Error
|
CVE-2013-2628
|
2013-12-24 00:28 |
2013-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259807
|
- |
|
idleman
|
leed
|
SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action.
|
CWE-89
SQL Injection
|
CVE-2013-2627
|
2013-12-24 00:27 |
2013-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259808
|
- |
|
fujitsu
|
interstage_application_server
interstage_studio
|
Buffer overflow in the Interstage HTTP Server log functionality, as used in Fujitsu Interstage Application Server 9.0.0, 9.1.0, 9.2.0, 9.3.1, and 10.0.0; and Interstage Studio 9.0.0, 9.1.0, 9.2.0, an…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-7105
|
2013-12-20 13:39 |
2013-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259809
|
- |
|
projectsprouts
|
sprout
|
The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) pa…
|
CWE-94
Code Injection
|
CVE-2013-6421
|
2013-12-20 13:38 |
2013-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259810
|
- |
|
zippyyum
|
subway_ordering_for_california
|
The ZippyYum Subway CA Kiosk app 3.4 for iOS uses cleartext storage in SQLite cache databases, which allows attackers to obtain sensitive information by reading data elements, as demonstrated by pass…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6986
|
2013-12-20 13:38 |
2013-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
