|
245001
|
4.3 |
MEDIUM
|
redhat
|
jboss_enterprise_portal_platform
|
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat JBoss Enterprise Portal Platform before 5.2.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-4580
|
2014-03-11 04:18 |
2014-02-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245002
|
10.0 |
HIGH
|
suse
|
studio_extension_for_system_z
studio_onsite
|
SUSE Studio Onsite 1.3.x before 1.3.6 and SUSE Studio Extension for System z 1.3 uses "static" secret tokens, which has unspecified impact and vectors.
|
CWE-310
暗号の問題
|
CVE-2013-3712
|
2014-03-11 04:17 |
2014-02-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245003
|
9.3 |
HIGH
|
apple
|
quicktime
|
Integer signedness error in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted stsz atom in a movie file.
|
CWE-189
数値処理の問題
|
CVE-2014-1245
|
2014-03-11 02:40 |
2014-02-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245004
|
9.3 |
HIGH
|
apple
|
quicktime
|
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ldat atom in a movie file.
|
CWE-119
バッファエラー
|
CVE-2014-1248
|
2014-03-11 02:39 |
2014-02-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245005
|
9.3 |
HIGH
|
apple
|
quicktime
|
Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PSD image.
|
CWE-119
バッファエラー
|
CVE-2014-1249
|
2014-03-11 02:38 |
2014-02-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245006
|
9.3 |
HIGH
|
apple
|
quicktime
|
Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted dref atom in a movie file.
|
CWE-119
バッファエラー
|
CVE-2014-1247
|
2014-03-11 02:37 |
2014-02-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245007
|
9.3 |
HIGH
|
apple
|
quicktime
|
Apple QuickTime before 7.7.5 does not properly perform a byte-swapping operation, which allows remote attackers to execute arbitrary code or cause a denial of service (out-of-bounds memory access and…
|
CWE-119
バッファエラー
|
CVE-2014-1250
|
2014-03-11 02:37 |
2014-02-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245008
|
6.8 |
MEDIUM
|
apple
|
mac_os_x
mac_os_x_server
|
Buffer overflow in File Bookmark in Apple OS X before 10.9.2 allows attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted filename.
|
CWE-119
バッファエラー
|
CVE-2014-1259
|
2014-03-11 02:37 |
2014-02-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245009
|
6.8 |
MEDIUM
|
apple
|
mac_os_x
|
QuickLook in Apple OS X through 10.8.5 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted Microsoft Office document.
|
CWE-119
バッファエラー
|
CVE-2014-1260
|
2014-03-11 02:36 |
2014-02-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245010
|
3.3 |
LOW
|
apple
|
mac_os_x
|
Finder in Apple OS X before 10.9.2 does not ensure ACL integrity after the viewing of file ACL information, which allows local users to bypass intended access restrictions in opportunistic circumstan…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2014-1264
|
2014-03-11 02:32 |
2014-02-27 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245011
|
9.3 |
HIGH
|
google
|
android
|
Android 3.0 through 4.1.x on Disney Mobile, eAccess, KDDI, NTT DOCOMO, SoftBank, and other devices does not properly implement the WebView class, which allows remote attackers to execute arbitrary me…
|
CWE-20
不適切な入力確認
|
CVE-2013-4710
|
2014-03-11 02:25 |
2014-03-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245012
|
4.3 |
MEDIUM
|
atlassian
|
jira
|
Directory traversal vulnerability in the Importers plugin in Atlassian JIRA before 6.0.5 allows remote attackers to create arbitrary files via unspecified vectors.
|
CWE-22
パス・トラバーサル
|
CVE-2014-2313
|
2014-03-11 01:38 |
2014-03-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245013
|
4.3 |
MEDIUM
|
atlassian
|
jira
|
Per: https://confluence.atlassian.com/display/JIRA/JIRA+Security+Advisory+2014-02-26
"Issue 2: Path traversal in JIRA Importers plugin (Windows only)"
|
CWE-22
パス・トラバーサル
|
CVE-2014-2313
|
2014-03-11 01:38 |
2014-03-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245014
|
6.8 |
MEDIUM
|
opendocman
|
opendocman
|
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the table parameter. NOTE: some of these details are obtained f…
|
CWE-89
SQLインジェクション
|
CVE-2014-2317
|
2014-03-11 01:25 |
2014-03-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245015
|
7.5 |
HIGH
|
opendocman
|
opendocman
|
SQL injection vulnerability in ajax_udf.php in OpenDocMan before 1.2.7.2 allows remote attackers to execute arbitrary SQL commands via the add_value parameter.
|
CWE-89
SQLインジェクション
|
CVE-2014-1945
|
2014-03-11 01:24 |
2014-03-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245016
|
6.5 |
MEDIUM
|
owncloud
|
owncloud
|
SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vector…
|
CWE-89
SQLインジェクション
|
CVE-2013-2046
|
2014-03-10 23:15 |
2014-03-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245017
|
6.5 |
MEDIUM
|
owncloud
|
owncloud
|
SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQLインジェクション
|
CVE-2013-2045
|
2014-03-10 23:12 |
2014-03-9 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245018
|
2.6 |
LOW
|
openstack
|
image_registry_and_delivery_service_\(glance\)
|
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARN…
|
CWE-255
証明書・パスワード管理
|
CVE-2014-1948
|
2014-03-8 14:13 |
2014-02-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245019
|
5.0 |
MEDIUM
|
php
|
php
|
ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check data types, which might allow remote attackers to obtain sensitive information by using a (1) string or (2) array data type in place of a numeric …
|
CWE-189
数値処理の問題
|
CVE-2014-2020
|
2014-03-8 14:13 |
2014-02-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245020
|
4.3 |
MEDIUM
|
openstack
|
swift
|
The TempURL middleware in OpenStack Object Storage (Swift) 1.4.6 through 1.8.0, 1.9.0 through 1.10.0, and 1.11.0 allows remote attackers to obtain secret URLs by leveraging an object name and a timin…
|
CWE-200
情報漏えい
|
CVE-2014-0006
|
2014-03-8 14:12 |
2014-01-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245021
|
5.0 |
MEDIUM
|
openstack
|
havana
|
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive…
|
CWE-200
情報漏えい
|
CVE-2013-6419
|
2014-03-8 14:11 |
2014-01-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245022
|
5.0 |
MEDIUM
|
pidgin
|
pidgin
|
Integer signedness error in the MXit functionality in Pidgin before 2.10.8 allows remote attackers to cause a denial of service (segmentation fault) via a crafted emoticon value, which triggers an in…
|
CWE-189
数値処理の問題
|
CVE-2013-6489
|
2014-03-8 14:11 |
2014-02-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245023
|
10.0 |
HIGH
|
pidgin
|
pidgin
|
The SIMPLE protocol functionality in Pidgin before 2.10.8 allows remote attackers to have an unspecified impact via a negative Content-Length header, which triggers a buffer overflow.
|
CWE-119
バッファエラー
|
CVE-2013-6490
|
2014-03-8 14:11 |
2014-02-7 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245024
|
5.4 |
MEDIUM
|
jgroups
redhat
|
jgroup
jboss_enterprise_application_platform
|
The DiagnosticsHandler in JGroup 3.0.x, 3.1.x, 3.2.x before 3.2.9, and 3.3.x before 3.3.3 allows remote attackers to obtain sensitive information (diagnostic information) and execute arbitrary code b…
|
CWE-200
情報漏えい
|
CVE-2013-4112
|
2014-03-8 14:09 |
2013-09-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245025
|
1.9 |
LOW
|
redhat
|
jboss_enterprise_application_platform
|
PicketBox, as used in Red Hat JBoss Enterprise Application Platform before 6.1.1, allows local users to obtain the admin encryption key by reading the Vault data file.
|
CWE-310
暗号の問題
|
CVE-2013-1921
|
2014-03-8 14:05 |
2013-09-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245026
|
2.6 |
LOW
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in Drupal 6.x before 6.28 and 7.x before 7.19, when running with older versions of jQuery that are vulnerable to CVE-2011-4969, allows remote attackers to inj…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-0244
|
2014-03-8 14:02 |
2014-01-20 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245027
|
7.5 |
HIGH
|
apache
|
solr
|
The (1) UpdateRequestHandler for XSLT or (2) XPathEntityProcessor in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaratio…
|
NVD-CWE-noinfo
|
CVE-2012-6612
|
2014-03-8 14:02 |
2013-12-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245028
|
4.3 |
MEDIUM
|
christos_zoulas
tim_robbins
|
file
libmagic
|
file before 5.11 and libmagic allow remote attackers to cause a denial of service (crash) via a crafted Composite Document File (CDF) file that triggers (1) an out-of-bounds read or (2) an invalid po…
|
CWE-119
バッファエラー
|
CVE-2012-1571
|
2014-03-8 13:55 |
2012-07-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245029
|
6.8 |
MEDIUM
|
drupal
|
drupal
|
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without det…
|
CWE-200
情報漏えい
|
CVE-2012-0825
|
2014-03-8 13:54 |
2013-10-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245030
|
6.8 |
MEDIUM
|
drupal
|
drupal
|
Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for …
|
CWE-352
同一生成元ポリシー違反
|
CVE-2012-0826
|
2014-03-8 13:54 |
2013-10-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245031
|
1.9 |
LOW
|
robert_ancell
|
lightdm
|
LightDM before 1.0.6 allows local users to change ownership of arbitrary files via a symlink attack on ~/.Xauthority.
|
CWE-59
リンク解釈の問題
|
CVE-2011-4105
|
2014-03-8 13:51 |
2012-02-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245032
|
4.6 |
MEDIUM
|
ecryptfs
|
ecryptfs-utils
ecryptfs_utils
|
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to effectively replace any directory with a new filesystem, and con…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-1831
|
2014-03-8 13:47 |
2014-02-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245033
|
2.1 |
LOW
|
ecryptfs
|
ecryptfs-utils
ecryptfs_utils
|
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly check mountpoint permissions, which allows local users to remove directories via a umount system call.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-1832
|
2014-03-8 13:47 |
2014-02-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245034
|
2.1 |
LOW
|
ecryptfs
|
ecryptfs-utils
ecryptfs_utils
|
utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 does not properly maintain the mtab file during error conditions, which allows local users to cause a denial of service (table corruption) o…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-1834
|
2014-03-8 13:47 |
2014-02-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245035
|
4.4 |
MEDIUM
|
ecryptfs
|
ecryptfs-utils
ecryptfs_utils
|
The encrypted private-directory setup process in utils/ecryptfs-setup-private in ecryptfs-utils before 90 does not properly ensure that the passphrase file is created, which might allow local users t…
|
CWE-255
証明書・パスワード管理
|
CVE-2011-1835
|
2014-03-8 13:47 |
2014-02-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245036
|
4.6 |
MEDIUM
|
ecryptfs
|
ecryptfs-utils
ecryptfs_utils
|
utils/ecryptfs-recover-private in ecryptfs-utils before 90 does not establish a subdirectory with safe permissions, which might allow local users to bypass intended access restrictions via standard f…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-1836
|
2014-03-8 13:47 |
2014-02-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245037
|
3.6 |
LOW
|
ecryptfs
|
ecryptfs-utils
ecryptfs_utils
|
The lock-counter implementation in utils/mount.ecryptfs_private.c in ecryptfs-utils before 90 allows local users to overwrite arbitrary files via unspecified vectors.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2011-1837
|
2014-03-8 13:47 |
2014-02-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245038
|
7.5 |
HIGH
|
posh_project
|
posh
|
SQL injection vulnerability in portal/addtoapplication.php in POSH (aka Posh portal or Portaneo) 3.0 before 3.3.0 allows remote attackers to execute arbitrary SQL commands via the rssurl parameter.
|
CWE-89
SQLインジェクション
|
CVE-2014-2211
|
2014-03-8 05:32 |
2014-03-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245039
|
4.3 |
MEDIUM
|
drinkedin
|
drinkedin_barfinder
|
The DrinkedIn BarFinder application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain sensitive fine-geo…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2014-1887
|
2014-03-8 05:04 |
2014-03-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245040
|
6.8 |
MEDIUM
|
edinburghtour
|
edinburgh_by_bus
|
The Edinburgh by Bus application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently access external-storage reso…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2014-1886
|
2014-03-8 05:02 |
2014-03-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245041
|
6.4 |
MEDIUM
|
hsgroup
|
forzearmate
|
The ForzeArmate application for Android, when Adobe PhoneGap 2.9.0 or earlier is used, allows remote attackers to execute arbitrary JavaScript code, and consequently obtain write access to external-s…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2014-1885
|
2014-03-8 05:01 |
2014-03-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245042
|
7.8 |
HIGH
|
cisco
|
wireless_lan_controller_software
|
Cisco Wireless LAN Controller (WLC) devices 7.0 before 7.0.250.0, 7.2, 7.3, and 7.4 before 7.4.110.0 do not properly deallocate memory, which allows remote attackers to cause a denial of service (reb…
|
CWE-399
リソース管理の問題
|
CVE-2014-0701
|
2014-03-8 04:50 |
2014-03-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245043
|
6.0 |
MEDIUM
|
cmsmadesimple
|
cms_made_simple
|
SQL injection vulnerability in the News module in CMS Made Simple (CMSMS) before 1.11.10 allows remote authenticated users with the "Modify News" permission to execute arbitrary SQL commands via the …
|
CWE-89
SQLインジェクション
|
CVE-2014-2245
|
2014-03-8 04:43 |
2014-03-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245044
|
4.3 |
MEDIUM
|
serena
|
dimensions_cm
|
Multiple cross-site scripting (XSS) vulnerabilities in the web client in Serena Dimensions CM 12.2 build 7.199.0 allow remote attackers to inject arbitrary web script or HTML via the (1) DB_CONN, (2)…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2014-0335
|
2014-03-8 04:19 |
2014-03-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245045
|
6.8 |
MEDIUM
|
serena
|
dimensions_cm
|
Cross-site request forgery (CSRF) vulnerability in the web client in Serena Dimensions CM 12.2 build 7.199.0 allows remote attackers to hijack the authentication of administrators for requests that u…
|
CWE-352
同一生成元ポリシー違反
|
CVE-2014-0336
|
2014-03-8 04:19 |
2014-03-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245046
|
2.7 |
LOW
|
emc
|
rsa_data_loss_prevention
|
EMC RSA Data Loss Prevention (DLP) 9.x before 9.6-SP2 does not properly manage sessions, which allows remote authenticated users to gain privileges and bypass intended content-reading restrictions vi…
|
NVD-CWE-noinfo
|
CVE-2014-0624
|
2014-03-8 04:17 |
2014-03-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245047
|
8.5 |
HIGH
|
emc
|
documentum_taskspace
|
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 does not properly handle the interaction between the dm_world group and the dm_superusers_dynamic group, which allows remote aut…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2014-0629
|
2014-03-8 04:16 |
2014-03-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245048
|
4.0 |
MEDIUM
|
emc
|
documentum_taskspace
|
EMC Documentum TaskSpace (TSP) 6.7SP1 before P25 and 6.7SP2 before P11 allows remote authenticated users to read arbitrary files via a modified imaging-service URL.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2014-0630
|
2014-03-8 04:14 |
2014-03-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245049
|
10.0 |
HIGH
|
cisco
|
wireless_lan_controller_software
wireless_lan_controller
|
Cisco Wireless LAN Controller (WLC) devices 7.4 before 7.4.110.0 distribute Aironet IOS software with a race condition in the status of the administrative HTTP server, which allows remote attackers t…
|
CWE-362
競合状態
|
CVE-2014-0703
|
2014-03-8 04:12 |
2014-03-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
245050
|
7.1 |
HIGH
|
cisco
|
wireless_lan_controller_software
wireless_lan_controller
|
The IGMP implementation on Cisco Wireless LAN Controller (WLC) devices 4.x, 5.x, 6.x, 7.0 before 7.0.250.0, 7.1, 7.2, and 7.3, when IGMPv3 Snooping is enabled, allows remote attackers to cause a deni…
|
CWE-399
リソース管理の問題
|
CVE-2014-0704
|
2014-03-8 04:12 |
2014-03-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
|
