245051 | 7.5 | HIGH | apple | mac_os_x | Integer signedness error in CoreText in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted Unicode font. | CWE-189 Numeric Errors | CVE-2014-1261 | 2014-02-28 03:07 | 2014-02-27 |
245052 | 6.8 | MEDIUM | apple | mac_os_x | Heap-based buffer overflow in CoreAnimation in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted image. | CWE-119 Buffer Errors | CVE-2014-1258 | 2014-02-28 02:59 | 2014-02-27 |
245053 | 9.3 | HIGH | apple | quicktime | Buffer overflow in Apple QuickTime before 7.7.5 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted ftab atom in a movie file. | CWE-119 Buffer Errors | CVE-2014-1246 | 2014-02-28 02:13 | 2014-02-27 |
245054 | 4.9 | MEDIUM | cybozu | garoon | Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-0817 | 2014-02-28 02:08 | 2014-02-27 |
245055 | 7.2 | HIGH | norman | security_suite | Unspecified vulnerability in Norman Security Suite 10.1 and earlier allows local users to gain privileges via unknown vectors. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-0816 | 2014-02-28 01:38 | 2014-02-27 |
245056 | 3.6 | LOW | apple | mac_os_x | CFNetwork in Apple OS X through 10.8.5 does not remove session cookies upon a Safari reset action, which allows physically proximate attackers to bypass intended access restrictions by leveraging an … | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-1257 | 2014-02-27 22:55 | 2014-02-27 |
245057 | 6.8 | MEDIUM | apple | mac_os_x | Apple Type Services (ATS) in Apple OS X before 10.9.2 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Type 1 font that is embedded in … | CWE-119 Buffer Errors | CVE-2014-1254 | 2014-02-27 22:50 | 2014-02-27 |
245058 | 9.3 | HIGH | apple | quicktime | Apple QuickTime before 7.7.5 does not initialize an unspecified pointer, which allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted track l… | CWE-119 Buffer Errors | CVE-2014-1243 | 2014-02-27 22:47 | 2014-02-27 |
245059 | 7.8 | HIGH | schneider-electric | citectscada powerlogic_scada struxureware_powerscada_expert struxureware_scada_expert_vijeo_citect | Schneider Electric StruxureWare SCADA Expert Vijeo Citect 7.40, Vijeo Citect 7.20 through 7.30SP1, CitectSCADA 7.20 through 7.30SP1, StruxureWare PowerSCADA Expert 7.30 through 7.30SR1, and PowerLogi… | NVD-CWE-Other | CVE-2013-2824 | 2014-02-27 01:58 | 2014-02-26 |
245060 | 7.5 | HIGH | osehra | vista | The M2M Broker in OSEHRA VistA, as distributed before September 30, 2013, allows attackers to bypass authentication and authorization to perform doctor-only actions and read or modify patient records… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-6945 | 2014-02-26 03:18 | 2013-12-5 |
245061 | 5.0 | MEDIUM | tattyan | tattyan_hptown | Directory traversal vulnerability in Tattyan HP TOWN before 5_10_1 allows remote attackers to read arbitrary files via a .. (dot dot) in a request. | CWE-22 Path Traversal | CVE-2013-6000 | 2014-02-26 03:16 | 2013-12-5 |
245062 | 10.0 | HIGH | cru-inc | ditto_forensic_fieldstation_firmware ditto_forensic_fieldstation | CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the … | CWE-78 OS Command Injection | CVE-2013-6881 | 2014-02-26 03:11 | 2014-01-8 |
245063 | 5.0 | MEDIUM | libreswan | libreswan | Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet. | CWE-189 Numeric Errors | CVE-2013-4564 | 2014-02-26 03:02 | 2014-01-8 |
245064 | 4.3 | MEDIUM | mybb | mybb | Cross-site scripting (XSS) vulnerability in the mycode_parse_video function in inc/class_parser.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script … | CWE-79 Cross-Site Scripting (XSS) | CVE-2013-7288 | 2014-02-25 23:47 | 2014-01-11 |
245065 | 5.0 | MEDIUM | dotnetblogengine | blogengine.net | BlogEngine.NET 2.8.0.0 and earlier allows remote attackers to read usernames and password hashes via a request for the sioc.axd file. | CWE-200 Information Leak | CVE-2013-6953 | 2014-02-25 23:38 | 2014-01-4 |
245066 | 4.6 | MEDIUM | xen | xen | Xen, when using x86 Intel processors and the VMX virtualization extension is enabled, does not properly handle cpuid instruction emulation when exiting the VM, which allows local guest users to cause… | NVD-CWE-noinfo | CVE-2011-1936 | 2014-02-25 23:10 | 2014-01-8 |
245067 | 5.0 | MEDIUM | 7mediaws | edutrac | Directory traversal vulnerability in 7 Media Web Solutions eduTrac before 1.1.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the showmask parameter to installer/overview.php. | CWE-22 Path Traversal | CVE-2013-7097 | 2014-02-25 23:05 | 2014-01-9 |
245068 | 4.3 | MEDIUM | mybb | mybb | Cross-site scripting (XSS) vulnerability in misc.php in MyBB (aka MyBulletinBoard) before 1.6.12 allows remote attackers to inject arbitrary web script or HTML via the editor parameter in a smilie li… | CWE-79 Cross-Site Scripting (XSS) | CVE-2013-7275 | 2014-02-25 23:03 | 2014-01-9 |
245069 | 5.0 | MEDIUM | westerndeal wordpress | advanced_dewplayer wordpress | Directory traversal vulnerability in download-file.php in the Advanced Dewplayer plugin 1.2 for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the dew_file parameter. | CWE-22 Path Traversal | CVE-2013-7240 | 2014-02-25 22:18 | 2014-01-4 |
245070 | 4.0 | MEDIUM | apache | cloudstack | The (1) ListNetworkACL and (2) listNetworkACLLists APIs in Apache CloudStack before 4.2.1 allow remote authenticated users to list network ACLS for other users via a crafted request. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2014-0031 | 2014-02-25 21:38 | 2014-01-16 |
245071 | 6.5 | MEDIUM | icinga | icinga | Multiple stack-based buffer overflows in Icinga before 1.8.5, 1.9 before 1.9.4, and 1.10 before 1.10.2 allow remote authenticated users to cause a denial of service (crash) and possibly execute arbit… | CWE-119 Buffer Errors | CVE-2013-7106 | 2014-02-25 21:19 | 2014-01-16 |
245072 | 2.1 | LOW | almanah_project | almanah | Almanah Diary 0.9.0 and 0.10.0 does not encrypt the database when closed, which allows local users to obtain sensitive information by reading the database. | CWE-310 Cryptographic Issues | CVE-2013-1853 | 2014-02-25 11:44 | 2014-01-25 |
245073 | 6.8 | MEDIUM | opsview | opsview | Cross-site request forgery (CSRF) vulnerability in Opsview before 4.4.2 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors. | CWE-352 Same-Origin Policy Violation | CVE-2013-7256 | 2014-02-25 11:17 | 2014-01-4 |
245074 | 4.3 | MEDIUM | cs-cart | cs-cart | Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) a… | CWE-79 Cross-Site Scripting (XSS) | CVE-2013-7317 | 2014-02-25 11:14 | 2014-01-25 |
245075 | 4.3 | MEDIUM | aphpkb | aphpkb | Multiple cross-site scripting (XSS) vulnerabilities in register.php in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) first_… | CWE-79 Cross-Site Scripting (XSS) | CVE-2013-7289 | 2014-02-25 11:01 | 2014-01-11 |
245076 | 5.0 | MEDIUM | google | chrome | Google Chrome through 32.0.1700.23 on Android allows remote attackers to spoof the address bar via unspecified vectors. | NVD-CWE-noinfo | CVE-2013-6642 | 2014-02-25 10:55 | 2014-01-16 |
245077 | 10.0 | HIGH | cru-inc | ditto_forensic_fieldstation_firmware ditto_forensic_fieldstation | The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges. | CWE-255 Certificate and Password Management | CVE-2013-6884 | 2014-02-25 10:44 | 2014-01-8 |
245078 | 4.0 | MEDIUM | wordpress | wordpress | wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by vi… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-6635 | 2014-02-25 10:38 | 2014-01-21 |
245079 | 6.4 | MEDIUM | wordpress | wordpress | wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-6634 | 2014-02-25 10:37 | 2014-01-21 |
245080 | 4.3 | MEDIUM | wordpress | wordpress | Cross-site scripting (XSS) vulnerability in wp-includes/default-filters.php in WordPress before 3.3.3 allows remote attackers to inject arbitrary web script or HTML via an editable slug field. | CWE-79 Cross-Site Scripting (XSS) | CVE-2012-6633 | 2014-02-25 10:36 | 2014-01-21 |
245081 | 9.3 | HIGH | aloaha | aloaha_pdf_suite_free aloahapdfviewer | Stack-based buffer overflow in AloahaPDFViewer 5.0.0.7 and earlier in Aloaha PDF Suite FREE allows remote attackers to execute arbitrary code via a crafted PDF file. | CWE-119 Buffer Errors | CVE-2013-4978 | 2014-02-25 10:13 | 2014-02-6 |
245082 | 5.8 | MEDIUM | redhat | network_satellite spacewalk | Open redirect vulnerability in Spacewalk 1.6, as used in Red Hat Network (RHN) Satellite, allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in th… | CWE-20 Improper Input Validation | CVE-2011-1594 | 2014-02-25 10:04 | 2014-02-6 |
245083 | 5.0 | MEDIUM | kde | kdelibs | kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and pa… | CWE-200 Information Leak | CVE-2013-2074 | 2014-02-25 09:26 | 2014-02-6 |
245084 | 6.8 | MEDIUM | rapid7 | nexpose | Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete sc… | CWE-352 Same-Origin Policy Violation | CVE-2012-6493 | 2014-02-25 07:17 | 2014-02-5 |
245085 | 9.3 | HIGH | iconics | genesis32 | An ActiveX control in GenLaunch.htm in ICONICS GENESIS32 8.0, 8.02, 8.04, and 8.05 allows remote attackers to execute arbitrary programs via a crafted HTML document. | CWE-20 Improper Input Validation | CVE-2014-0758 | 2014-02-25 04:45 | 2014-02-24 |
245086 | 7.5 | HIGH | google | chrome | Directory traversal vulnerability in sandbox/win/src/named_pipe_dispatcher.cc in Google Chrome before 33.0.1750.117 on Windows allows attackers to bypass intended named-pipe policy restrictions in th… | CWE-22 Path Traversal | CVE-2013-6652 | 2014-02-25 04:20 | 2014-02-24 |
245087 | 9.3 | HIGH | mitsubishielectric | mc-worx_suite | An ActiveX control in IcoLaunch.dll in Mitsubishi Electric Automation MC-WorX Suite 8.02 allows user-assisted remote attackers to execute arbitrary programs via a crafted HTML document in conjunction… | CWE-94 Code Injection | CVE-2013-2817 | 2014-02-25 03:48 | 2014-02-24 |
245088 | 6.8 | MEDIUM | cisco | unified_computing_system_central_software | Cisco Unified Computing System (UCS) Central Software 1.1 and earlier allows local users to gain privileges via a CLI copy command in a local-mgmt context, aka Bug ID CSCul53128. | CWE-20 Improper Input Validation | CVE-2014-0730 | 2014-02-25 02:53 | 2014-02-23 |
245089 | 7.1 | HIGH | belkin | wemo_home_automation_firmware | The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.5… | CWE-310 Cryptographic Issues | CVE-2013-6951 | 2014-02-25 02:19 | 2014-02-23 |
245090 | 7.1 | HIGH | cisco | firewall_services_module_software | Race condition in the cut-through proxy feature in Cisco Firewall Services Module (FWSM) Software 3.x before 3.2(28) and 4.x before 4.1(15) allows remote attackers to cause a denial of service (devic… | CWE-362 Race Condition | CVE-2014-0710 | 2014-02-25 01:55 | 2014-02-23 |
245091 | 5.0 | MEDIUM | bitweaver | bitweaver | Directory traversal vulnerability in gmap/view_overlay.php in Bitweaver 2.8.1 and earlier allows remote attackers to read arbitrary files via "''%2F" (dot dot encoded slash) sequences in the overlay_… | CWE-22 Path Traversal | CVE-2012-5192 | 2014-02-22 04:49 | 2014-01-28 |
245092 | 6.5 | MEDIUM | courion | access_risk_management_suite | The password reset feature in Courion Access Risk Management Suite Version 8 Update 9 allows remote authenticated users to bypass intended Internet Explorer usage restrictions and execute arbitrary c… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-2747 | 2014-02-22 04:48 | 2014-01-30 |
245093 | 6.5 | MEDIUM | cybozu | garoon | SQL injection vulnerability in the page-navigation implementation in Cybozu Garoon 2.0.0 through 2.0.6, 2.1.0 through 2.1.3, 2.5.0 through 2.5.4, 3.0.0 through 3.0.3, 3.5.0 through 3.5.5, and 3.7.x b… | CWE-89 SQL Injection | CVE-2013-6930 | 2014-02-22 04:45 | 2014-01-29 |
245094 | 6.5 | MEDIUM | cybozu | garoon | SQL injection vulnerability in the API in Cybozu Garoon 3.7.x before 3.7.3 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, a different vulnerability than … | CWE-89 SQL Injection | CVE-2013-6931 | 2014-02-22 04:44 | 2014-01-29 |
245095 | 2.1 | LOW | hp | linux_imaging_and_printing_project | HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operation… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-6108 | 2014-02-22 04:43 | 2014-02-15 |
245096 | 4.9 | MEDIUM | civicrm | civicrm | CiviCRM 2.0.0 through 4.2.9 and 4.3.0 through 4.3.3 does not properly enforce role-based access control (RBAC) restrictions for default custom searches, which allows remote authenticated users with t… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-4661 | 2014-02-22 04:35 | 2014-01-30 |
245097 | 6.5 | MEDIUM | civicrm | civicrm | The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to … | CWE-89 SQL Injection | CVE-2013-4662 | 2014-02-22 04:29 | 2014-01-30 |
245098 | 6.8 | MEDIUM | springsignage | xibo | Multiple cross-site request forgery (CSRF) vulnerabilities in index.php in Digital Signage Xibo 1.4.2 allow remote attackers to hijack the authentication of administrators for requests that (1) add a… | CWE-352 Same-Origin Policy Violation | CVE-2013-4889 | 2014-02-22 04:15 | 2014-01-30 |
245099 | 4.3 | MEDIUM | springsignage | xibo | Cross-site scripting (XSS) vulnerability in index.php in Digital Signage Xibo 1.4.2 allows remote attackers to inject arbitrary web script or HTML via the layout parameter in the layout page. | CWE-79 Cross-Site Scripting (XSS) | CVE-2013-4888 | 2014-02-22 04:13 | 2014-01-30 |
245100 | 5.0 | MEDIUM | op5 | monitor | Unspecified vulnerability in op5 Monitor before 6.1.3 allows attackers to read arbitrary files via unknown vectors related to lack of authorization. | NVD-CWE-noinfo | CVE-2013-6141 | 2014-02-22 04:07 | 2014-01-30 |