244951
|
2.3 |
LOW
|
openstack
|
compute
|
The VMWare driver in OpenStack Compute (Nova) 2013.2 through 2013.2.2 does not properly put VMs into RESCUE status, which allows remote authenticated users to bypass the quota limit and cause a denia…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2573
|
2014-03-26 22:41 |
2014-03-26 |
|
|
244952
|
5.8 |
MEDIUM
|
siemens
|
simatic_s7-1500_cpu_firmware
|
Cross-site request forgery (CSRF) vulnerability on Siemens SIMATIC S7-1500 CPU PLC devices with firmware before 1.5.0 and SIMATIC S7-1200 CPU PLC devices with firmware before 4.0 allows remote attack…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2014-2249
|
2014-03-26 13:57 |
2014-03-16 |
|
|
244953
|
5.0 |
MEDIUM
|
libpng
|
libpng
|
The png_push_read_chunk function in pngpread.c in the progressive decoder in libpng 1.6.x through 1.6.9 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via an…
|
CWE-189
Numeric Errors
|
CVE-2014-0333
|
2014-03-26 13:56 |
2014-02-28 |
|
|
244954
|
1.9 |
LOW
|
libssh
|
libssh
|
The RAND_bytes function in libssh before 0.6.3, when forking is enabled, does not properly reset the state of the OpenSSL pseudo-random number generator (PRNG), which causes the state to be shared be…
|
CWE-310
Cryptographic Issues
|
CVE-2014-0017
|
2014-03-26 13:55 |
2014-03-15 |
|
|
244955
|
7.5 |
HIGH
|
roundcube
|
webmail
|
steps/utils/save_pref.inc in Roundcube webmail before 0.8.7 and 0.9.x before 0.9.5 allows remote attackers to modify configuration settings via the _session parameter, which can be leveraged to read …
|
CWE-89
SQL Injection
|
CVE-2013-6172
|
2014-03-26 13:54 |
2013-11-6 |
|
|
244956
|
7.5 |
HIGH
|
symantec
|
endpoint_protection_manager protection_center
|
The management console in Symantec Endpoint Protection Manager (SEPM) 11.0 before 11.0.7405.1424 and 12.1 before 12.1.4023.4080, and Symantec Protection Center Small Business Edition 12.x before 12.1…
|
NVD-CWE-Other
|
CVE-2013-5014
|
2014-03-26 13:51 |
2014-02-14 |
|
|
244957
|
4.0 |
MEDIUM
|
gnu
|
gnutls
|
The TLS implementation in GnuTLS before 2.12.23, 3.0.x before 3.0.28, and 3.1.x before 3.1.7 does not properly consider timing side-channel attacks on a noncompliant MAC check operation during the pr…
|
CWE-310
Cryptographic Issues
|
CVE-2013-1619
|
2014-03-26 13:46 |
2013-02-9 |
|
|
244958
|
10.0 |
HIGH
|
adobe
|
flash_player flash_player_for_android adobe_air_sdk_and_compiler adobe_air_sdk adobe_air
|
Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android 2.x and 3.x, and be…
|
CWE-119
Buffer Errors
|
CVE-2013-1371
|
2014-03-26 13:45 |
2013-03-14 |
|
|
244959
|
10.0 |
HIGH
|
adobe
|
flash_player flash_player_for_android adobe_air_sdk_and_compiler adobe_air_sdk adobe_air
|
Heap-based buffer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 …
|
CWE-119
Buffer Errors
|
CVE-2013-1375
|
2014-03-26 13:45 |
2013-03-14 |
|
|
244960
|
10.0 |
HIGH
|
adobe
|
flash_player adobe_air adobe_air_sdk
|
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and be…
|
CWE-119
Buffer Errors
|
CVE-2013-1378
|
2014-03-26 13:45 |
2013-04-10 |
|
|
244961
|
10.0 |
HIGH
|
adobe
|
flash_player adobe_air adobe_air_sdk
|
Adobe Flash Player before 10.3.183.75 and 11.x before 11.7.700.169 on Windows and Mac OS X, before 10.3.183.75 and 11.x before 11.2.202.280 on Linux, before 11.1.111.50 on Android 2.x and 3.x, and be…
|
NVD-CWE-noinfo
|
CVE-2013-1380
|
2014-03-26 13:45 |
2013-04-10 |
|
|
244962
|
10.0 |
HIGH
|
adobe
|
flash_player flash_player_for_android adobe_air_sdk_and_compiler adobe_air_sdk adobe_air
|
Integer overflow in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.44 on Android…
|
CWE-189
Numeric Errors
|
CVE-2013-0646
|
2014-03-26 13:44 |
2013-03-14 |
|
|
244963
|
10.0 |
HIGH
|
adobe
|
flash_player flash_player_for_android adobe_air_sdk_and_compiler adobe_air_sdk adobe_air
|
Use-after-free vulnerability in Adobe Flash Player before 10.3.183.68 and 11.x before 11.6.602.180 on Windows and Mac OS X, before 10.3.183.68 and 11.x before 11.2.202.275 on Linux, before 11.1.111.4…
|
CWE-399
Resource Management Errors
|
CVE-2013-0650
|
2014-03-26 13:44 |
2013-03-14 |
|
|
244964
|
4.3 |
MEDIUM
|
gnu
|
gnutls
|
The DTLS implementation in GnuTLS 3.0.10 and earlier executes certain error-handling code only if there is a specific relationship between a padding length and the ciphertext size, which makes it eas…
|
CWE-310
Cryptographic Issues
|
CVE-2012-0390
|
2014-03-26 13:28 |
2012-01-6 |
|
|
244965
|
5.0 |
MEDIUM
|
openssl
|
openssl
|
The GOST ENGINE in OpenSSL before 1.0.0f does not properly handle invalid parameters for the GOST block cipher, which allows remote attackers to cause a denial of service (daemon crash) via crafted d…
|
CWE-399
Resource Management Errors
|
CVE-2012-0027
|
2014-03-26 13:27 |
2012-01-6 |
|
|
244966
|
4.3 |
MEDIUM
|
openssl
|
openssl
|
OpenSSL before 0.9.8s and 1.x before 1.0.0f, when RFC 3779 support is enabled, allows remote attackers to cause a denial of service (assertion failure) via an X.509 certificate containing certificate…
|
CWE-399
Resource Management Errors
|
CVE-2011-4577
|
2014-03-26 13:25 |
2012-01-6 |
|
|
244967
|
5.0 |
MEDIUM
|
openssl
|
openssl
|
crypto/x509/x509_vfy.c in OpenSSL 1.0.x before 1.0.0e does not initialize certain structure members, which makes it easier for remote attackers to bypass CRL validation by using a nextUpdate value co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2011-3207
|
2014-03-26 13:22 |
2011-09-22 |
|
|
244968
|
5.0 |
MEDIUM
|
openssl
|
openssl
|
The ephemeral ECDH ciphersuite functionality in OpenSSL 0.9.8 through 0.9.8r and 1.0.x before 1.0.0e does not ensure thread safety during processing of handshake messages from clients, which allows r…
|
CWE-399
Resource Management Errors
|
CVE-2011-3210
|
2014-03-26 13:22 |
2011-09-22 |
|
|
244969
|
4.3 |
MEDIUM
|
marekkis
|
watermark
|
Cross-site scripting (XSS) vulnerability in the Marekkis Watermark plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the pfad parameter to wp-admin/options…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-1758
|
2014-03-26 09:54 |
2014-03-14 |
|
|
244970
|
4.3 |
MEDIUM
|
proxmox
|
mail_gateway
|
Multiple cross-site scripting (XSS) vulnerabilities in Proxmox Mail Gateway before 3.1-5829 allow remote attackers to inject arbitrary web script or HTML via the (1) state parameter to objects/who/in…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2014-2325
|
2014-03-26 09:42 |
2014-03-14 |
|
|
244971
|
3.5 |
LOW
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-0307
|
2014-03-26 09:41 |
2014-03-15 |
|
|
244972
|
4.3 |
MEDIUM
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar appli…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-0298
|
2014-03-26 09:40 |
2014-03-15 |
|
|
244973
|
3.5 |
LOW
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-0297
|
2014-03-26 09:39 |
2014-03-15 |
|
|
244974
|
3.5 |
LOW
|
owncloud
|
owncloud
|
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.13 and 4.5.x before 4.5.8, when the user_migrate application is enabled, allows remote authenticated users to import arbit…
|
NVD-CWE-Other
|
CVE-2013-1851
|
2014-03-26 09:23 |
2014-03-15 |
|
|
244975
|
3.5 |
LOW
|
owncloud
|
owncloud
|
Per: https://cwe.mitre.org/data/definitions/184.html
"CWE-184: Incomplete Blacklist"
|
NVD-CWE-Other
|
CVE-2013-1851
|
2014-03-26 09:23 |
2014-03-15 |
|
|
244976
|
4.3 |
MEDIUM
|
trojita_project
|
trojita
|
The OpenConnectionTask::handleStateHelper function in Imap/Tasks/OpenConnectionTask.cpp in Trojita before 0.4.1 allows man-in-the-middle attackers to trigger use of cleartext for saving a message int…
|
CWE-200
Information Exposure
|
CVE-2014-2567
|
2014-03-26 09:20 |
2014-03-21 |
|
|
244977
|
2.1 |
LOW
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.8 allow remote authenticated users with administrator privileges to inject arbitrary web script or HTML via the (1) qu…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-1822
|
2014-03-26 06:07 |
2014-03-15 |
|
|
244978
|
6.5 |
MEDIUM
|
owncloud
|
owncloud
|
Multiple incomplete blacklist vulnerabilities in (1) import.php and (2) ajax/uploadimport.php in apps/contacts/ in ownCloud before 4.0.13 and 4.5.x before 4.5.8 allow remote authenticated users to ex…
|
CWE-94
Code Injection
|
CVE-2013-1850
|
2014-03-26 06:04 |
2014-03-15 |
|
|
244979
|
3.5 |
LOW
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-2150
|
2014-03-26 06:03 |
2014-03-15 |
|
|
244980
|
3.5 |
LOW
|
owncloud
|
owncloud
|
Per: http://owncloud.org/about/security/advisories/oC-SA-2013-028/
"Cross-site scripting (XSS) vulnerabilities in js/viewer.js inside the files_videoviewer application via multiple unspecified vecto…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-2150
|
2014-03-26 06:03 |
2014-03-15 |
|
|
244981
|
6.8 |
MEDIUM
|
owncloud
|
owncloud
|
Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that ch…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2013-0301
|
2014-03-26 05:56 |
2014-03-15 |
|
|
244982
|
6.8 |
MEDIUM
|
owncloud
|
owncloud
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view vi…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2013-0300
|
2014-03-26 05:55 |
2014-03-15 |
|
|
244983
|
6.8 |
MEDIUM
|
owncloud
|
owncloud
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change t…
|
CWE-352
Same-Origin Policy Violation
|
CVE-2013-0299
|
2014-03-26 05:49 |
2014-03-15 |
|
|
244984
|
6.8 |
MEDIUM
|
owncloud
|
owncloud
|
Session fixation vulnerability in ownCloud before 6.0.2, when PHP is configured to accept session parameters through a GET request, allows remote attackers to hijack web sessions via unspecified vect…
|
CWE-287
Improper Authentication
|
CVE-2014-2047
|
2014-03-26 04:36 |
2014-03-15 |
|
|
244985
|
5.0 |
MEDIUM
|
owncloud
|
owncloud
|
The default Flash Cross Domain policies in ownCloud before 5.0.15 and 6.x before 6.0.2 allows remote attackers to access user files via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-2049
|
2014-03-26 04:32 |
2014-03-15 |
|
|
244986
|
4.3 |
MEDIUM
|
open-xchange
|
open-xchange_appsuite
|
Cross-site scripting (XSS) vulnerability in the frontend in Open-Xchange (OX) AppSuite 7.4.1 before 7.4.1-rev10 and 7.4.2 before 7.4.2-rev8 allows remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2014-2077
|
2014-03-25 07:55 |
2014-03-21 |
|
|
244987
|
5.0 |
MEDIUM
|
cisco
|
webex_meeting_center
|
WebEx Meeting Center in Cisco WebEx Business Suite does not properly compose URLs for HTTP GET requests, which allows remote attackers to obtain sensitive information by reading (1) web-server access…
|
CWE-200
Information Exposure
|
CVE-2014-0708
|
2014-03-25 07:48 |
2014-03-21 |
|
|
244988
|
4.3 |
MEDIUM
|
videolan
|
vlc_media_player
|
VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.
|
CWE-399
Resource Management Errors
|
CVE-2013-7340
|
2014-03-25 07:47 |
2014-03-21 |
|
|
244989
|
6.5 |
MEDIUM
|
owncloud
|
owncloud
|
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue …
|
NVD-CWE-noinfo
|
CVE-2013-7344
|
2014-03-25 07:28 |
2014-03-25 |
|
|
244990
|
4.3 |
MEDIUM
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 6.0.2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2014-2057
|
2014-03-25 07:16 |
2014-03-25 |
|
|
244991
|
4.3 |
MEDIUM
|
mcafee
|
cloud_single_sign_on
|
Cross-site scripting (XSS) vulnerability in the login audit form in McAfee Cloud Single Sign On (SSO) allows remote attackers to inject arbitrary web script or HTML via a crafted password.
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2014-2586
|
2014-03-25 07:15 |
2014-03-25 |
|
|
244992
|
4.9 |
MEDIUM
|
owncloud
|
owncloud
|
ownCloud before 5.0.15 and 6.x before 6.0.2, when the file_external app is enabled, allows remote authenticated users to mount the local filesystem in the user's ownCloud via the mount configuration.
|
CWE-20
Improper Input Validation
|
CVE-2014-2585
|
2014-03-25 02:10 |
2014-03-25 |
|
|
244993
|
6.5 |
MEDIUM
|
owncloud
|
owncloud
|
Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: th…
|
NVD-CWE-noinfo
|
CVE-2013-0303
|
2014-03-25 01:38 |
2014-03-25 |
|
|
244994
|
4.3 |
MEDIUM
|
flowplayer
|
flowplayer_html5
|
Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-7343
|
2014-03-25 00:16 |
2014-03-24 |
|
|
244995
|
4.3 |
MEDIUM
|
flowplayer
|
flowplayer_html5
|
Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback para…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-7342
|
2014-03-25 00:14 |
2014-03-24 |
|
|
244996
|
5.8 |
MEDIUM
|
estrongs
|
es_file_explorer
|
Directory traversal vulnerability in the ES File Explorer File Manager application before 3.0.4 for Android allows remote attackers to overwrite or create arbitrary files via unspecified vectors.
|
CWE-22
Path Traversal
|
CVE-2014-1970
|
2014-03-21 02:12 |
2014-03-21 |
|
|
244997
|
4.3 |
MEDIUM
|
estrongs
|
es_file_explorer
|
The EStrongs ES File Explorer application 1.6.0.2 through 1.6.1.1 for Android does not properly restrict access, which allows remote attackers to read arbitrary files via vectors involving an unspeci…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0322
|
2014-03-21 02:09 |
2012-03-6 |
|
|
244998
|
6.8 |
MEDIUM
|
nttdocomo
|
spmode_mail_android
|
The NTT DOCOMO sp mode mail application 5900 through 6300 for Android 4.0.x and 6000 through 6620 for Android 4.1 through 4.4 allows remote attackers to execute arbitrary Java methods via Deco-mail e…
|
CWE-94
Code Injection
|
CVE-2014-1979
|
2014-03-21 01:36 |
2014-03-19 |
|
|
244999
|
4.3 |
MEDIUM
|
nttdocomo
|
spmode_mail_android
|
The NTT DOCOMO sp mode mail application 6300 and earlier for Android 4.0.x and 6700 and earlier for Android 4.1 through 4.4 uses weak permissions for attachments during processing of incoming e-mail …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1977
|
2014-03-21 01:03 |
2014-03-19 |
|
|
245000
|
4.3 |
MEDIUM
|
nttdocomo
|
spmode_mail_android
|
The application link interface in the NTT DOCOMO sp mode mail application 6100 through 6300 for Android 4.0.x and 6130 through 6700 for Android 4.1 through 4.4 writes message content to the SD card d…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-1978
|
2014-03-21 01:02 |
2014-03-19 |
|
|