244051 | 4.3 | MEDIUM | cogentdatahub | cogent_datahub | Cross-site scripting (XSS) vulnerability in Cogent DataHub before 7.3.5 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-site Scripting (XSS) | CVE-2014-2353 | 2014-06-5 21:36 | 2014-05-31
244052 | 5.0 | MEDIUM | trianglemicroworks | scada_data_gateway | Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows remote attackers to cause a denial of service (excessive data processing) via a crafted DNP3 packet. | CWE-20 Improper Input Validation | CVE-2014-2342 | 2014-06-5 21:32 | 2014-05-31
244053 | 5.5 | MEDIUM | owncloud | owncloud | ownCloud Server before 5.0.16 and 6.0.x before 6.0.3 does not check permissions to the files_external application, which allows remote authenticated users to add external storage via unspecified vect… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-3835 | 2014-06-5 20:10 | 2014-06-4
244054 | 6.5 | MEDIUM | postfix_admin_project | postfix_admin | SQL injection vulnerability in the gen_show_status function in functions.inc.php in Postfix Admin (aka postfixadmin) before 2.3.7 allows remote authenticated users to execute arbitrary SQL commands v… | CWE-89 SQL Injection | CVE-2014-2655 | 2014-06-5 13:31 | 2014-04-3
244055 | 7.1 | HIGH | debian | dpkg | dpkg 1.15.9 on Debian squeeze introduces support for the "C-style encoded filenames" feature without recognizing that the squeeze patch program lacks this feature, which triggers an interaction error… | CWE-22 Path Traversal | CVE-2014-3127 | 2014-06-5 13:31 | 2014-05-14
244056 | 7.5 | HIGH | owncloud | owncloud | ownCloud Server before 6.0.3 does not properly check permissions, which allows remote authenticated users to (1) access the contacts of other users via the address book or (2) rename files via unspec… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-3834 | 2014-06-5 04:10 | 2014-06-4
244057 | 4.3 | MEDIUM | owncloud | owncloud | Multiple cross-site scripting (XSS) vulnerabilities in the (1) Gallery and (2) core components in ownCloud Server before 5.016 and 6.0.x before 6.0.3 allow remote attackers to inject arbitrary web sc… | CWE-79 Cross-site Scripting (XSS) | CVE-2014-3833 | 2014-06-5 04:09 | 2014-06-4
244058 | 4.3 | MEDIUM | owncloud | owncloud | Cross-site scripting (XSS) vulnerability in the Documents component in ownCloud Server 6.0.x before 6.0.3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors, possi… | CWE-79 Cross-site Scripting (XSS) | CVE-2014-3832 | 2014-06-5 04:06 | 2014-06-4
244059 | 7.5 | HIGH | owncloud phpdocx | owncloud phpdocx | PHPDocX, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via an XML External… | NVD-CWE-Other | CVE-2014-2056 | 2014-06-5 03:41 | 2014-06-4
244060 | 7.5 | HIGH | owncloud phpdocx | owncloud phpdocx | Per: http://cwe.mitre.org/data/definitions/611.html "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')" | NVD-CWE-Other | CVE-2014-2056 | 2014-06-5 03:41 | 2014-06-4
244061 | 7.5 | HIGH | fruux owncloud | sabredav owncloud | SabreDAV before 1.7.11, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, allows remote attackers to read arbitrary files, cause a denial of service, or possibly have other impact via … | NVD-CWE-Other | CVE-2014-2055 | 2014-06-5 03:38 | 2014-06-4
244062 | 7.5 | HIGH | fruux owncloud | sabredav owncloud | Per: http://cwe.mitre.org/data/definitions/611.html "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')" | NVD-CWE-Other | CVE-2014-2055 | 2014-06-5 03:38 | 2014-06-4
244063 | 7.5 | HIGH | owncloud phpexcel_project | owncloud phpexcel | PHPExcel before 1.8.0, as used in ownCloud Server before 5.0.15 and 6.0.x before 6.0.2, does not disable external entity loading in libxml, which allows remote attackers to read arbitrary files, caus… | NVD-CWE-Other | CVE-2014-2054 | 2014-06-5 03:34 | 2014-06-4
244064 | 7.5 | HIGH | owncloud phpexcel_project | owncloud phpexcel | Per: http://cwe.mitre.org/data/definitions/611.html "CWE-611: Improper Restriction of XML External Entity Reference ('XXE')" | NVD-CWE-Other | CVE-2014-2054 | 2014-06-5 03:34 | 2014-06-4
244065 | 5.0 | MEDIUM | owncloud | owncloud | The installation routine in ownCloud Server before 4.0.14, 4.5.x before 4.5.9, and 5.0.x before 5.0.4 uses the time function to seed the generation of the PostgreSQL database user password, which mak… | CWE-310 Cryptographic Issues | CVE-2013-1941 | 2014-06-5 03:18 | 2014-06-4
244066 | 4.6 | MEDIUM | owncloud | owncloud | settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings. | CWE-94 Code Injection | CVE-2013-0204 | 2014-06-5 03:01 | 2014-06-4
244067 | 4.0 | MEDIUM | owncloud | owncloud | lib/base.php in ownCloud before 4.0.8 does not properly validate the user_id session variable, which allows remote authenticated users to read arbitrary files via vectors related to WebDAV. | CWE-20 Improper Input Validation | CVE-2012-5336 | 2014-06-5 02:28 | 2014-06-4
244068 | 4.3 | MEDIUM | owncloud | owncloud | CRLF injection vulnerability in ownCloud Server before 4.0.8 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via the url path parameter. | NVD-CWE-Other | CVE-2012-5057 | 2014-06-5 02:19 | 2014-06-4
244069 | 4.3 | MEDIUM | owncloud | owncloud | Per: http://cwe.mitre.org/data/definitions/93.html "CWE-93: Improper Neutralization of CRLF Sequences ('CRLF Injection')" | NVD-CWE-Other | CVE-2012-5057 | 2014-06-5 02:19 | 2014-06-4
244070 | 4.3 | MEDIUM | owncloud | owncloud | Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 4.0.8 allow remote attackers to inject arbitrary web script or HTML via the (1) readyCallback parameter to apps/files_odf… | CWE-79 Cross-site Scripting (XSS) | CVE-2012-5056 | 2014-06-5 02:15 | 2014-06-4
244071 | 4.0 | MEDIUM | typo3 | typo3 | The query caching functionality in the Extbase Framework component in TYPO3 6.2.0 before 6.2.3 does not properly validate group permissions, which allows remote authenticated users to read arbitrary … | CWE-200 Information Exposure | CVE-2014-3946 | 2014-06-5 00:26 | 2014-06-3
244072 | 4.0 | MEDIUM | typo3 | typo3 | The Authentication component in TYPO3 before 6.2, when salting for password hashing is disabled, does not require knowledge of the cleartext password if the password hash is known, which allows remot… | CWE-287 Improper Authentication | CVE-2014-3945 | 2014-06-5 00:24 | 2014-06-3
244073 | 5.8 | MEDIUM | typo3 | typo3 | The Authentication component in TYPO3 6.2.0 before 6.2.3 does not properly invalidate timed out user sessions, which allows remote attackers to bypass authentication via unspecified vectors. | CWE-287 Improper Authentication | CVE-2014-3944 | 2014-06-5 00:15 | 2014-06-3
244074 | 2.1 | LOW | trianglemicroworks | scada_data_gateway | Triangle MicroWorks SCADA Data Gateway before 3.00.0635 allows physically proximate attackers to cause a denial of service (excessive data processing) via a crafted DNP request over a serial line. | CWE-20 Improper Input Validation | CVE-2014-2343 | 2014-06-4 23:00 | 2014-05-31
244075 | 4.3 | MEDIUM | alfresco | alfresco | Multiple cross-site scripting (XSS) vulnerabilities in Alfresco Enterprise before 4.1.6.13 allow remote attackers to inject arbitrary web script or HTML via (1) an XHTML document, (2) a <% tag, or (3… | CWE-79 Cross-site Scripting (XSS) | CVE-2014-2939 | 2014-06-4 00:30 | 2014-06-3
244076 | 7.5 | HIGH | ajaydsouza | contextual_related_posts | SQL injection vulnerability in the Contextual Related Posts plugin before 1.8.10.2 for WordPress allows remote attackers to execute arbitrary SQL commands via unspecified vectors. | CWE-89 SQL Injection | CVE-2014-3937 | 2014-06-4 00:09 | 2014-06-3
244077 | 5.0 | MEDIUM | redhat | openstack | The default configuration in the standalone controller quickstack manifest in openstack-foreman-installer, as used in Red Hat Enterprise Linux OpenStack Platform 4.0, disables authentication for Qpid… | CWE-287 Improper Authentication | CVE-2013-6470 | 2014-06-4 00:00 | 2014-06-3
244078 | 5.8 | MEDIUM | danielkorte | nodeaccesskeys | The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-4596 | 2014-06-3 23:49 | 2014-06-3
244079 | 6.8 | MEDIUM | dleviet | datalife_engine | Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie. | NVD-CWE-Other | CVE-2013-7387 | 2014-06-3 22:10 | 2014-06-3
244080 | 6.8 | MEDIUM | dleviet | datalife_engine | Per: http://cwe.mitre.org/data/definitions/384.html "CWE-384: Session Fixation" | NVD-CWE-Other | CVE-2013-7387 | 2014-06-3 22:10 | 2014-06-3
244081 | 7.5 | HIGH | dleviet | datalife_engine | DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier. | CWE-94 Code Injection | CVE-2013-1412 | 2014-06-3 21:27 | 2014-06-3
244082 | 6.8 | MEDIUM | mediawiki | mediawiki | Session fixation vulnerability in the CentralAuth extension for MediaWiki before 1.18.6, 1.19.x before 1.19.3, and 1.20.x before 1.20.1 allows remote attackers to hijack web sessions via the centrala… | NVD-CWE-Other | CVE-2012-5395 | 2014-06-3 21:09 | 2014-06-3
244083 | 6.8 | MEDIUM | mediawiki | mediawiki | Per: http://cwe.mitre.org/data/definitions/384.html "CWE-384: Session Fixation" | NVD-CWE-Other | CVE-2012-5395 | 2014-06-3 21:09 | 2014-06-3
244084 | 4.3 | MEDIUM | intel | indeo_video | ir41_32.ax 4.51.16.3 for Intel Indeo Video 4.5 allows remote attackers to cause a denial of service (crash) via a crafted .avi file. | CWE-119 Buffer Errors | CVE-2014-3735 | 2014-06-3 20:45 | 2014-05-19
244085 | 7.5 | HIGH | xoops | glossaire_module | SQL injection vulnerability in glossaire-aff.php in the Glossaire module 1.0 for XOOPS allows remote attackers to execute arbitrary SQL commands via the lettre parameter. | CWE-89 SQL Injection | CVE-2014-3935 | 2014-06-3 20:08 | 2014-06-2
244086 | 7.5 | HIGH | phpnuke | php-nuke submit_news_module | SQL injection vulnerability in the Submit_News module for PHP-Nuke 8.3 allows remote attackers to execute arbitrary SQL commands via the topics[] parameter to modules.php. | CWE-89 SQL Injection | CVE-2014-3934 | 2014-06-3 20:03 | 2014-06-2
244087 | 7.5 | HIGH | cososys | endpoint_protector | SQL injection vulnerability in the device registration component in wsf/webservice.php in CoSoSys Endpoint Protector 4 4.3.0.4 and 4.4.0.2 allows remote attackers to execute arbitrary SQL commands vi… | CWE-89 SQL Injection | CVE-2014-3932 | 2014-06-3 19:49 | 2014-06-2
244088 | 6.8 | MEDIUM | debian | xbuffy | Stack-based buffer overflow in a certain Debian patch for xbuffy before 3.3.bl.3.dfsg-9 allows remote attackers to execute arbitrary code via the subject of an email, possibly related to indent subje… | CWE-119 Buffer Errors | CVE-2014-0469 | 2014-05-31 13:30 | 2014-05-6
244089 | 6.5 | MEDIUM | typo3 | typo3 | The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allow remote authenticated editors t… | CWE-20 Improper Input Validation | CVE-2013-4250 | 2014-05-31 13:25 | 2014-05-20
244090 | 10.0 | HIGH | canonical | ltsp_display_manager ubuntu_linux | The default keybindings for wwm in LTSP Display Manager (ldm) 2.2.x before 2.2.7 allow remote attackers to execute arbitrary commands via the KP_RETURN keybinding, which launches a terminal window. | CWE-78 OS Command Injection | CVE-2012-1166 | 2014-05-31 13:09 | 2014-05-21
244091 | 5.1 | MEDIUM | mp3info | mp3info | Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this … | NVD-CWE-Other | CVE-2006-2465 | 2014-05-31 11:22 | 2006-05-19
244092 | 6.5 | MEDIUM | jasig | uportal | uPortal before 4.0.13.1 does not properly check the CONFIG permission, which allows remote authenticated users to configure portlets by leveraging the SUBSCRIBE permission for a portlet. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-3417 | 2014-05-31 01:36 | 2014-05-29
244093 | 6.5 | MEDIUM | jasig | uportal | uPortal before 4.0.13.1 does not properly check the MANAGE permissions, which allows remote authenticated users to manage arbitrary portlets by leveraging the SUBSCRIBE permission for the portlet-adm… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-3416 | 2014-05-31 01:35 | 2014-05-29
244094 | 4.3 | MEDIUM | sosreport_project | sosreport | SOSreport stores the md5 hash of the GRUB bootloader password in an archive, which allows local users to obtain sensitive information by reading the archive. | CWE-255 Credentials Management | CVE-2014-0246 | 2014-05-30 22:59 | 2014-05-29
244095 | 5.0 | MEDIUM | google_authenticator_login_project | ga_login | The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password … | CWE-287 Improper Authentication | CVE-2013-4178 | 2014-05-30 22:35 | 2014-05-29
244096 | 5.0 | MEDIUM | google_authenticator_login_project | ga_login | The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-4177 | 2014-05-30 22:34 | 2014-05-29
244097 | 6.8 | MEDIUM | mail_on_update_project | mail_on_update | Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change… | CWE-352 Same-origin policy violation | CVE-2013-2107 | 2014-05-30 09:32 | 2014-05-23
244098 | 2.1 | LOW | robert_ancell canonical | lightdm ubuntu_linux | debian/guest-account in Light Display Manager (lightdm) 1.0.x before 1.0.6 and 1.1.x before 1.1.7, as used in Ubuntu Linux 11.10, allows local users to delete arbitrary files via a space in the name … | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-0943 | 2014-05-30 09:19 | 2014-05-23
244099 | 6.8 | MEDIUM | apache | couchdb | Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to execute arbitrary code via a JSONP callback, related to Adobe Flash. | CWE-94 Code Injection | CVE-2012-5649 | 2014-05-30 09:16 | 2014-05-23
244100 | 4.3 | MEDIUM | krisonav | krisonav | Cross-site scripting (XSS) vulnerability in services/get_article.php in KrisonAV CMS before 3.0.2 allows remote attackers to inject arbitrary web script or HTML via the content parameter. | CWE-79 Cross-site Scripting (XSS) | CVE-2013-2712 | 2014-05-30 08:44 | 2014-05-23