244201
|
6.5 |
MEDIUM
|
owncloud
|
owncloud
|
Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to ex…
|
CWE-94
Code Injection
|
CVE-2013-1850
|
2014-03-26 06:04 |
2014-03-15 |
|
|
244202
|
3.5 |
LOW
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2013-2150
|
2014-03-26 06:03 |
2014-03-15 |
|
|
244203
|
3.5 |
LOW
|
owncloud
|
owncloud
|
Per: http://owncloud.org/about/security/advisories/oC-SA-2013-028/
"Cross-site scripting (XSS) vulnerabilities in js/viewer.js inside the files_videoviewer application via multiple unspecified vecto…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2013-2150
|
2014-03-26 06:03 |
2014-03-15 |
|
|
244204
|
6.8 |
MEDIUM
|
owncloud
|
owncloud
|
Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that ch…
|
CWE-352
Same-origin policy violation
|
CVE-2013-0301
|
2014-03-26 05:56 |
2014-03-15 |
|
|
244205
|
6.8 |
MEDIUM
|
owncloud
|
owncloud
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view vi…
|
CWE-352
Same-origin policy violation
|
CVE-2013-0300
|
2014-03-26 05:55 |
2014-03-15 |
|
|
244206
|
6.8 |
MEDIUM
|
owncloud
|
owncloud
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change t…
|
CWE-352
Same-origin policy violation
|
CVE-2013-0299
|
2014-03-26 05:49 |
2014-03-15 |
|
|
244207
|
6.8 |
MEDIUM
|
owncloud
|
owncloud
|
Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vect…
|
CWE-287
Improper Authentication
|
CVE-2014-2047
|
2014-03-26 04:36 |
2014-03-15 |
|
|
244208
|
5.0 |
MEDIUM
|
owncloud
|
owncloud
|
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2049
|
2014-03-26 04:32 |
2014-03-15 |
|
|
244209
|
4.3 |
MEDIUM
|
open-xchange
|
open-xchange_appsuite
|
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-2077
|
2014-03-25 07:55 |
2014-03-21 |
|
|
244210
|
5.0 |
MEDIUM
|
cisco
|
webex_meeting_center
|
WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access…
|
CWE-200
Information Leak
|
CVE-2014-0708
|
2014-03-25 07:48 |
2014-03-21 |
|
|
244211
|
4.3 |
MEDIUM
|
videolan
|
vlc_media_player
|
VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.
|
CWE-399
Resource Management Errors
|
CVE-2013-7340
|
2014-03-25 07:47 |
2014-03-21 |
|
|
244212
|
6.5 |
MEDIUM
|
owncloud
|
owncloud
|
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue …
|
NVD-CWE-noinfo
|
CVE-2013-7344
|
2014-03-25 07:28 |
2014-03-25 |
|
|
244213
|
4.3 |
MEDIUM
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-2057
|
2014-03-25 07:16 |
2014-03-25 |
|
|
244214
|
4.3 |
MEDIUM
|
mcafee
|
cloud_single_sign_on
|
Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2014-2586
|
2014-03-25 07:15 |
2014-03-25 |
|
|
244215
|
4.9 |
MEDIUM
|
owncloud
|
owncloud
|
ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration.
|
CWE-20
Improper Input Validation
|
CVE-2014-2585
|
2014-03-25 02:10 |
2014-03-25 |
|
|
244216
|
6.5 |
MEDIUM
|
owncloud
|
owncloud
|
Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: th…
|
NVD-CWE-noinfo
|
CVE-2013-0303
|
2014-03-25 01:38 |
2014-03-25 |
|
|
244217
|
4.3 |
MEDIUM
|
flowplayer
|
flowplayer_html5
|
Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2013-7343
|
2014-03-25 00:16 |
2014-03-24 |
|
|
244218
|
4.3 |
MEDIUM
|
flowplayer
|
flowplayer_html5
|
Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback para…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2013-7342
|
2014-03-25 00:14 |
2014-03-24 |
|
|
244219
|
5.8 |
MEDIUM
|
estrongs
|
es_file_explorer
|
Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2014-1970
|
2014-03-21 02:12 |
2014-03-21 |
|
|
244220
|
4.3 |
MEDIUM
|
estrongs
|
es_file_explorer
|
The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspeci…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0322
|
2014-03-21 02:09 |
2012-03-6 |
|
|
244221
|
6.8 |
MEDIUM
|
nttdocomo
|
spmode_mail_android
|
The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail e…
|
CWE-94
Code Injection
|
CVE-2014-1979
|
2014-03-21 01:36 |
2014-03-19 |
|
|
244222
|
4.3 |
MEDIUM
|
nttdocomo
|
spmode_mail_android
|
The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1977
|
2014-03-21 01:03 |
2014-03-19 |
|
|
244223
|
4.3 |
MEDIUM
|
nttdocomo
|
spmode_mail_android
|
The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card d…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1978
|
2014-03-21 01:02 |
2014-03-19 |
|
|
244224
|
9.3 |
HIGH
|
xnview
|
xnview
|
Integer overflow in xnview.exe in XnView 2.13 allows remote attackers to execute arbitrary code via a large NUM_ELEMENTS field in an IFD_ENTRY structure in a JXR file, which triggers a heap-based buf…
|
CWE-189
Numeric Errors
|
CVE-2013-3938
|
2014-03-19 22:59 |
2014-03-19 |
|
|
244225
|
4.3 |
MEDIUM
|
sophos
|
web_appliance_firmware web_appliance
|
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action t…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2013-2643
|
2014-03-19 22:55 |
2014-03-19 |
|
|
244226
|
9.3 |
HIGH
|
sophos
|
web_appliance_firmware web_appliance
|
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation va…
|
CWE-78
OS Command Injection
|
CVE-2013-2642
|
2014-03-19 22:54 |
2014-03-19 |
|
|
244227
|
5.0 |
MEDIUM
|
sophos
|
web_appliance_firmware web_appliance
|
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
|
CWE-22
Path Traversal
|
CVE-2013-2641
|
2014-03-19 22:48 |
2014-03-19 |
|
|
244228
|
5.8 |
MEDIUM
|
yumenomachi
|
demaecan
|
The Demaecan application 2.1.0 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information …
|
CWE-310
Cryptographic Issues
|
CVE-2014-1976
|
2014-03-19 01:05 |
2014-03-18 |
|
|
244229
|
5.0 |
MEDIUM
|
owncloud
|
owncloud
|
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file.
|
CWE-200
Information Leak
|
CVE-2013-2086
|
2014-03-18 00:43 |
2014-03-15 |
|
|
244230
|
2.1 |
LOW
|
owncloud
|
owncloud
|
The login page (aka index.php) in ownCloud before 5.0.6 does not disable the autocomplete setting for the password parameter, which makes it easier for physically proximate attackers to guess the pas…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2047
|
2014-03-18 00:37 |
2014-03-15 |
|
|
244231
|
4.6 |
MEDIUM
|
owncloud
|
owncloud
|
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the …
|
NVD-CWE-Other
|
CVE-2013-2089
|
2014-03-18 00:36 |
2014-03-15 |
|
|
244232
|
4.6 |
MEDIUM
|
owncloud
|
owncloud
|
Per: https://cwe.mitre.org/data/definitions/184.html
"CWE-184: Incomplete Blacklist"
|
NVD-CWE-Other
|
CVE-2013-2089
|
2014-03-18 00:36 |
2014-03-15 |
|
|
244233
|
6.5 |
MEDIUM
|
owncloud
|
owncloud
|
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2048
|
2014-03-18 00:26 |
2014-03-15 |
|
|
244234
|
5.8 |
MEDIUM
|
owncloud
|
owncloud
|
Open redirect vulnerability in the Login Page (index.php) in ownCloud before 5.0.6 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the redir…
|
CWE-20
Improper Input Validation
|
CVE-2013-2044
|
2014-03-18 00:24 |
2014-03-15 |
|
|
244235
|
4.0 |
MEDIUM
|
owncloud
|
owncloud
|
apps/calendar/ajax/events.php in ownCloud before 4.5.11 and 5.x before 5.0.6 does not properly check the ownership of a calendar, which allows remote authenticated users to download arbitrary calenda…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2043
|
2014-03-18 00:22 |
2014-03-15 |
|
|
244236
|
3.5 |
LOW
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2013-2042
|
2014-03-18 00:19 |
2014-03-15 |
|
|
244237
|
3.5 |
LOW
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via the (1) tag parameter to apps/bookmarks/…
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2013-2041
|
2014-03-18 00:17 |
2014-03-15 |
|
|
244238
|
3.5 |
LOW
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.15, 4.5.x before 4.5.11, and 5.0.x before 5.0.6 allow remote authenticated users to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting (XSS)
|
CVE-2013-2040
|
2014-03-18 00:15 |
2014-03-15 |
|
|
244239
|
4.0 |
MEDIUM
|
owncloud
|
owncloud
|
Directory traversal vulnerability in lib/files/view.php in ownCloud before 4.0.15, 4.5.x 4.5.11, and 5.x before 5.0.6 allows remote authenticated users to access arbitrary files via unspecified vecto…
|
CWE-22
Path Traversal
|
CVE-2013-2039
|
2014-03-18 00:14 |
2014-03-15 |
|
|
244240
|
4.0 |
MEDIUM
|
owncloud
|
owncloud
|
The contacts application in ownCloud before 4.5.10 and 5.x before 5.0.5 does not properly check the ownership of contacts, which allows remote authenticated users to download arbitrary contacts via u…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1963
|
2014-03-18 00:10 |
2014-03-15 |
|
|
244241
|
7.2 |
HIGH
|
juniper
|
ive_os
|
Unspecified vulnerability in the Linux Network Connect client in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r18, 7.3 before 7.3r10, 7.4 before 7.4r8, and 8.0 before…
|
NVD-CWE-noinfo
|
CVE-2014-2292
|
2014-03-17 22:57 |
2014-03-15 |
|
|
244242
|
4.4 |
MEDIUM
|
canonical debian fedoraproject linuxfoundation
|
ubuntu_linux debian_linux fedora cups-filters
|
The OPVPWrapper::loadDriver function in oprs/OPVPWrapper.cxx in the pdftoopvp filter in CUPS and cups-filters before 1.0.47 allows local users to gain privileges via a Trojan horse driver in the same…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6476
|
2014-03-17 22:10 |
2014-03-15 |
|
|
244243
|
5.0 |
MEDIUM
|
pidgin
|
pidgin
|
The IRC protocol plugin in libpurple in Pidgin before 2.10.8 does not validate argument counts, which allows remote IRC servers to cause a denial of service (application crash) via a crafted message.
|
CWE-20
Improper Input Validation
|
CVE-2014-0020
|
2014-03-16 13:43 |
2014-02-7 |
|
|
244244
|
5.0 |
MEDIUM
|
pidgin
|
pidgin
|
Multiple integer signedness errors in libpurple in Pidgin before 2.10.8 allow remote attackers to cause a denial of service (application crash) via a crafted timestamp value in an XMPP message.
|
CWE-189
Numeric Errors
|
CVE-2013-6477
|
2014-03-16 13:42 |
2014-02-7 |
|
|
244245
|
4.3 |
MEDIUM
|
pidgin
|
pidgin
|
gtkimhtml.c in Pidgin before 2.10.8 does not properly interact with underlying library support for wide Pango layouts, which allows user-assisted remote attackers to cause a denial of service (applic…
|
CWE-20
Improper Input Validation
|
CVE-2013-6478
|
2014-03-16 13:42 |
2014-02-7 |
|
|
244246
|
5.0 |
MEDIUM
|
pidgin
|
pidgin
|
util.c in libpurple in Pidgin before 2.10.8 does not properly allocate memory for HTTP responses that are inconsistent with the Content-Length header, which allows remote HTTP servers to cause a deni…
|
CWE-399
Resource Management Errors
|
CVE-2013-6479
|
2014-03-16 13:42 |
2014-02-7 |
|
|
244247
|
5.0 |
MEDIUM
|
pidgin
|
pidgin
|
libpurple/protocols/yahoo/libymsg.c in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (crash) via a Yahoo! P2P message with a crafted length field, which triggers a buffer …
|
CWE-119
Buffer Errors
|
CVE-2013-6481
|
2014-03-16 13:42 |
2014-02-7 |
|
|
244248
|
5.0 |
MEDIUM
|
pidgin
|
pidgin
|
Pidgin before 2.10.8 allows remote MSN servers to cause a denial of service (NULL pointer dereference and crash) via a crafted (1) SOAP response, (2) OIM XML response, or (3) Content-Length header.
|
CWE-20
Improper Input Validation
|
CVE-2013-6482
|
2014-03-16 13:42 |
2014-02-7 |
|
|
244249
|
6.4 |
MEDIUM
|
pidgin
|
pidgin
|
The XMPP protocol plugin in libpurple in Pidgin before 2.10.8 does not properly determine whether the from address in an iq reply is consistent with the to address in an iq request, which allows remo…
|
CWE-20
Improper Input Validation
|
CVE-2013-6483
|
2014-03-16 13:42 |
2014-02-7 |
|
|
244250
|
5.0 |
MEDIUM
|
pidgin
|
pidgin
|
The STUN protocol implementation in libpurple in Pidgin before 2.10.8 allows remote STUN servers to cause a denial of service (out-of-bounds write operation and application crash) by triggering a soc…
|
CWE-20
Improper Input Validation
|
CVE-2013-6484
|
2014-03-16 13:42 |
2014-02-7 |
|
|