244251
|
5.0 |
MEDIUM
|
pidgin
|
pidgin
|
Buffer overflow in util.c in libpurple in Pidgin before 2.10.8 allows remote HTTP servers to cause a denial of service (application crash) or possibly have unspecified other impact via an invalid chu…
|
CWE-119
Buffer Errors
|
CVE-2013-6485
|
2014-03-16 13:42 |
2014-02-7 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244252
|
9.3 |
HIGH
|
pidgin
|
pidgin
|
gtkutils.c in Pidgin before 2.10.8 on Windows allows user-assisted remote attackers to execute arbitrary programs via a message containing a file: URL that is improperly handled during construction o…
|
CWE-20
Improper Input Validation
|
CVE-2013-6486
|
2014-03-16 13:42 |
2014-02-7 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244253
|
2.1 |
LOW
|
redhat
|
icedtea-web
|
The LiveConnect implementation in plugin/icedteanp/IcedTeaNPPlugin.cc in IcedTea-Web before 1.4.2 allows local users to read the messages between a Java applet and a web browser by pre-creating a tem…
|
CWE-200
Information Exposure
|
CVE-2013-6493
|
2014-03-16 13:42 |
2014-03-4 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244254
|
4.3 |
MEDIUM
|
linux
|
linux_kernel
|
The ath9k_htc_set_bssid_mask function in drivers/net/wireless/ath/ath9k/htc_drv_main.c in the Linux kernel through 3.12 uses a BSSID masking approach to determine the set of MAC addresses on which a …
|
CWE-310
Cryptographic Issues
|
CVE-2013-4579
|
2014-03-16 13:39 |
2013-11-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244255
|
4.3 |
MEDIUM
|
apple
|
iphone_os
|
Apple iOS 6.1.3 does not follow redirects during determination of the hostname to display in an iOS Enterprise Deployment installation dialog, which makes it easier for remote attackers to trigger in…
|
CWE-20
Improper Input Validation
|
CVE-2013-3948
|
2014-03-16 13:38 |
2013-06-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244256
|
4.3 |
MEDIUM
|
oracle
|
enterprise_manager_database_control enterprise_manager_grid_control
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5, and EM DB Control 11.1.0.7, 11.2.0.2, and 11.2.0.3, al…
|
NVD-CWE-noinfo
|
CVE-2013-0354
|
2014-03-16 13:33 |
2013-01-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244257
|
10.0 |
HIGH
|
oracle
|
database_lite database_mobile/lite_server
|
Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality,…
|
NVD-CWE-noinfo
|
CVE-2013-0361
|
2014-03-16 13:33 |
2013-01-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244258
|
10.0 |
HIGH
|
oracle
|
database_lite database_mobile/lite_server
|
Per: http://www.oracle.com/technetwork/topics/security/cpujan2013-1515902.html
'Oracle Database Mobile Server was formerly known as Oracle Database Lite for 10g.'
|
NVD-CWE-noinfo
|
CVE-2013-0361
|
2014-03-16 13:33 |
2013-01-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244259
|
7.8 |
HIGH
|
oracle
|
database_mobile/lite_server
|
Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality …
|
NVD-CWE-noinfo
|
CVE-2013-0363
|
2014-03-16 13:33 |
2013-01-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244260
|
7.8 |
HIGH
|
oracle
|
database_lite database_mobile/lite_server
|
Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality …
|
NVD-CWE-noinfo
|
CVE-2013-0364
|
2014-03-16 13:33 |
2013-01-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244261
|
10.0 |
HIGH
|
oracle
|
database_mobile/lite_server
|
Unspecified vulnerability in the Mobile Server component in Oracle Database Mobile/Lite Server (formerly Oracle Database Lite) 10.3.0.3 and 11.1.0.0 allows remote attackers to affect confidentiality,…
|
NVD-CWE-noinfo
|
CVE-2013-0366
|
2014-03-16 13:33 |
2013-01-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244262
|
6.4 |
MEDIUM
|
oracle
|
e-business_suite
|
Unspecified vulnerability in the Oracle CRM Technical Foundation component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via…
|
NVD-CWE-noinfo
|
CVE-2013-0381
|
2014-03-16 13:33 |
2013-01-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244263
|
6.4 |
MEDIUM
|
oracle
|
e-business_suite
|
Unspecified vulnerability in the Oracle Applications Framework component in Oracle E-Business Suite 11.5.10.2, 12.0.6, and 12.1.3 allows remote attackers to affect confidentiality and integrity via u…
|
NVD-CWE-noinfo
|
CVE-2013-0397
|
2014-03-16 13:33 |
2013-01-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244264
|
5.0 |
MEDIUM
|
pidgin
|
pidgin
|
The Yahoo! protocol plugin in libpurple in Pidgin before 2.10.8 does not properly validate UTF-8 data, which allows remote attackers to cause a denial of service (application crash) via crafted byte …
|
CWE-20
Improper Input Validation
|
CVE-2012-6152
|
2014-03-16 13:31 |
2014-02-7 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244265
|
6.4 |
MEDIUM
|
oracle
|
e-business_suite
|
Unspecified vulnerability in the Oracle Universal Work Queue component in Oracle E-Business Suite 11.5.10.2, 12.0.6, 12.1.1, 12.1.2, and 12.1.3 allows remote attackers to affect confidentiality and i…
|
NVD-CWE-noinfo
|
CVE-2012-3190
|
2014-03-16 13:26 |
2013-01-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244266
|
5.0 |
MEDIUM
|
cisco
|
cloud_portal
|
Intelligent Automation for Cloud (IAC) in Cisco Cloud Portal 9.4.1 and earlier includes a cryptographic key in binary files, which makes it easier for remote attackers to obtain cleartext data from a…
|
CWE-255
Credentials Management
|
CVE-2014-0694
|
2014-03-15 02:56 |
2014-03-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244267
|
10.0 |
HIGH
|
adobe
|
shockwave_player
|
Adobe Shockwave Player before 12.1.0.150 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unspecified vectors.
|
CWE-119
Buffer Errors
|
CVE-2014-0505
|
2014-03-15 02:07 |
2014-03-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244268
|
8.8 |
HIGH
|
apple
|
iphone_os
|
Backup in Apple iOS before 7.1 does not properly restrict symlinks, which allows remote attackers to overwrite files during a restore operation via crafted backup data.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5133
|
2014-03-15 01:40 |
2014-03-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244269
|
5.0 |
MEDIUM
|
powerarchiver
|
powerarchiver
|
The Encrypt Files feature in ConeXware PowerArchiver before 14.02.05 uses legacy ZIP encryption even if the AES 256-bit selection is chosen, which makes it easier for context-dependent attackers to o…
|
CWE-310
Cryptographic Issues
|
CVE-2014-2319
|
2014-03-15 01:37 |
2014-03-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244270
|
5.0 |
MEDIUM
|
apple
|
iphone_os
|
SpringBoard Lock Screen in Apple iOS before 7.1 allows remote attackers to cause a denial of service (lock-screen hang) by leveraging a state-management error.
|
NVD-CWE-Other
|
CVE-2014-1286
|
2014-03-15 01:06 |
2014-03-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244271
|
5.0 |
MEDIUM
|
apple
|
iphone_os
|
Per: https://cwe.mitre.org/data/definitions/361.html
"CWE-361: Time and State"
|
NVD-CWE-Other
|
CVE-2014-1286
|
2014-03-15 01:06 |
2014-03-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244272
|
5.8 |
MEDIUM
|
apple
|
iphone_os
|
Springboard in Apple iOS before 7.1 allows physically proximate attackers to bypass intended access restrictions and read the home screen by leveraging an application crash during activation of an un…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1285
|
2014-03-15 00:57 |
2014-03-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244273
|
1.9 |
LOW
|
apple
|
iphone_os
|
Photos Backend in Apple iOS before 7.1 does not properly manage the asset-library cache during deletions, which allows physically proximate attackers to obtain sensitive photo data by launching the P…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1281
|
2014-03-15 00:50 |
2014-03-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244274
|
5.0 |
MEDIUM
|
apple
|
iphone_os
|
IOKit HID Event in Apple iOS before 7.1 allows attackers to conduct user-action monitoring attacks against arbitrary apps via a crafted app that accesses an IOKit framework interface.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1276
|
2014-03-15 00:20 |
2014-03-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244275
|
2.1 |
LOW
|
apple
|
iphone_os
|
FaceTime in Apple iOS before 7.1 allows physically proximate attackers to obtain sensitive FaceTime contact information by using the lock screen for an invalid FaceTime call.
|
CWE-200
Information Exposure
|
CVE-2014-1274
|
2014-03-15 00:03 |
2014-03-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244276
|
6.8 |
MEDIUM
|
kasseler-cms
|
kasseler-cms
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2013-3729
|
2014-03-14 02:42 |
2014-03-13 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244277
|
7.5 |
HIGH
|
zldnn
|
dnnarticle
|
SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid…
|
CWE-89
SQL Injection
|
CVE-2013-5117
|
2014-03-14 01:06 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244278
|
4.3 |
MEDIUM
|
dotnetnuke
|
dotnetnuke
|
Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2013-7335
|
2014-03-14 00:56 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244279
|
3.5 |
LOW
|
dotnetnuke
|
dotnetnuke
|
Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Disp…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-3943
|
2014-03-14 00:24 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244280
|
7.5 |
HIGH
|
raoul_proenca
|
gnew
|
Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie.
|
CWE-22
Path Traversal
|
CVE-2013-5639
|
2014-03-13 03:03 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244281
|
7.5 |
HIGH
|
raoul_proenca
|
gnew
|
CVE-2013-5639 CVSS assessment per LFI:
https://www.htbridge.com/advisory/HTB23171
"1) PHP File Inclusion in Gnew: CVE-2013-5639
Vulnerability exists due to insufficient validation of user-supplie…
|
CWE-22
Path Traversal
|
CVE-2013-5639
|
2014-03-13 03:03 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244282
|
3.5 |
LOW
|
plone
|
plone
|
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) v…
|
CWE-20
Improper Input Validation
|
CVE-2013-4199
|
2014-03-12 10:48 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244283
|
4.0 |
MEDIUM
|
plone
|
plone
|
mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password emai…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4198
|
2014-03-12 10:44 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244284
|
5.5 |
MEDIUM
|
plone
|
plone
|
member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2013-4197
|
2014-03-12 10:40 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244285
|
5.0 |
MEDIUM
|
plone
|
plone
|
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4196
|
2014-03-12 10:37 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244286
|
5.8 |
MEDIUM
|
plone
|
plone
|
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attac…
|
CWE-20
Improper Input Validation
|
CVE-2013-4195
|
2014-03-12 10:30 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244287
|
4.3 |
MEDIUM
|
plone
|
plone
|
The WYSIWYG component (wysiwyg.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers to obtain sensitive information via a crafted URL, which reveals the …
|
CWE-200
Information Exposure
|
CVE-2013-4194
|
2014-03-12 10:28 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244288
|
4.3 |
MEDIUM
|
plone
|
plone
|
typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4193
|
2014-03-12 10:24 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244289
|
4.0 |
MEDIUM
|
plone
|
plone
|
sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2013-4192
|
2014-03-12 10:22 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244290
|
5.8 |
MEDIUM
|
plone
|
plone
|
zip.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce access restrictions when including content in a zip archive, which allows remote attackers to o…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4191
|
2014-03-12 10:10 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244291
|
4.3 |
MEDIUM
|
plone
|
plone
|
Multiple cross-site scripting (XSS) vulnerabilities in (1) spamProtect.py, (2) pts.py, and (3) request.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attackers…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-4190
|
2014-03-12 10:06 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244292
|
6.5 |
MEDIUM
|
plone
|
plone
|
Multiple unspecified vulnerabilities in (1) dataitems.py, (2) get.py, and (3) traverseName.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users w…
|
NVD-CWE-noinfo
|
CVE-2013-4189
|
2014-03-12 10:02 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244293
|
4.3 |
MEDIUM
|
plone
|
plone
|
traverser.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote attackers with administrator privileges to cause a denial of service (infinite loop and resource cons…
|
CWE-399
Resource Management Errors
|
CVE-2013-4188
|
2014-03-12 09:59 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244294
|
6.8 |
MEDIUM
|
umi-cms
|
umi.cms
|
Cross-site request forgery (CSRF) vulnerability in Umisoft UMI.CMS before 2.9 build 21905 allows remote attackers to hijack the authentication of administrators for requests that add administrator ac…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2013-2754
|
2014-03-12 09:47 |
2014-03-12 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244295
|
4.6 |
MEDIUM
|
catfish_project
|
catfish
|
Untrusted search path vulnerability in Catfish through 0.4.0.3 allows local users to gain privileges via a Trojan horse catfish.py in the current working directory.
|
NVD-CWE-Other
|
CVE-2014-2093
|
2014-03-12 01:57 |
2014-02-26 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244296
|
4.6 |
MEDIUM
|
catfish_project
|
catfish
|
Per: http://cwe.mitre.org/data/definitions/426.html
"CWE-426: Untrusted Search Path"
|
NVD-CWE-Other
|
CVE-2014-2093
|
2014-03-12 01:57 |
2014-02-26 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244297
|
4.6 |
MEDIUM
|
catfish_project
|
catfish
|
Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0 allows local users to gain privileges via a Trojan horse bin/catfish.py under the current working directory.
|
NVD-CWE-Other
|
CVE-2014-2096
|
2014-03-12 01:57 |
2014-02-26 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244298
|
4.6 |
MEDIUM
|
catfish_project
|
catfish
|
Per: http://cwe.mitre.org/data/definitions/426.html
"CWE-426: Untrusted Search Path"
|
NVD-CWE-Other
|
CVE-2014-2096
|
2014-03-12 01:57 |
2014-02-26 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244299
|
4.6 |
MEDIUM
|
catfish_project
|
catfish
|
Untrusted search path vulnerability in Catfish 0.6.0 through 1.0.0, when a Fedora package such as 0.8.2-1 is not used, allows local users to gain privileges via a Trojan horse bin/catfish.pyc under t…
|
NVD-CWE-Other
|
CVE-2014-2095
|
2014-03-12 01:56 |
2014-02-26 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
244300
|
4.6 |
MEDIUM
|
catfish_project
|
catfish
|
Per: http://cwe.mitre.org/data/definitions/426.html
"CWE-426: Untrusted Search Path"
|
NVD-CWE-Other
|
CVE-2014-2095
|
2014-03-12 01:56 |
2014-02-26 |
View
|
GitHub
Exploit DB
Packet Storm
|
|