245101
|
9.0 |
HIGH
|
hp
|
system_management_homepage
|
ginkgosnmp.inc in HP System Management Homepage (SMH) allows remote authenticated users to execute arbitrary commands via shell metacharacters in the PATH_INFO to smhutil/snmpchp.php.en.
|
CWE-78
OSコマンド・インジェクション
|
CVE-2013-3576
|
2014-01-8 13:39 |
2013-06-15 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245102
|
2.1 |
LOW
|
openstack
|
folsom grizzly havana
|
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by cr…
|
CWE-399
リソース管理の問題
|
CVE-2013-2096
|
2014-01-8 13:37 |
2013-07-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245103
|
7.5 |
HIGH
|
mini-stream
|
castripper
|
Stack-based buffer overflow in Mini-stream CastRipper 2.50.70 allows remote attackers to execute arbitrary code via a long URL in the [playlist] section in a .pls file, a different vector than CVE-20…
|
CWE-119
バッファエラー
|
CVE-2009-5137
|
2014-01-7 11:53 |
2014-01-4 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245104
|
2.1 |
LOW
|
juniper
|
ive_os
|
Cross-site scripting (XSS) vulnerability in the Secure Access Service Web rewriting feature in Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS before 7.1r17, 7.3 before 7.3r8, 7.4…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-6956
|
2014-01-4 13:51 |
2013-12-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245105
|
4.3 |
MEDIUM
|
juniper
|
idp250 idp75 idp800 idp8200
|
Cross-site scripting (XSS) vulnerability in the web administrative component in Juniper IDP allows remote attackers to inject arbitrary web script or HTML via unspecified vectors to the ACM web serve…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-6957
|
2014-01-4 13:51 |
2013-12-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245106
|
7.1 |
HIGH
|
juniper
|
screenos netscreen-5200 netscreen-5400
|
Juniper NetScreen Firewall running ScreenOS 5.4, 6.2, or 6.3, when the Ping of Death screen is disabled, allows remote attackers to cause a denial of service via a crafted packet.
|
NVD-CWE-noinfo
|
CVE-2013-6958
|
2014-01-4 13:51 |
2013-12-14 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245107
|
2.1 |
LOW
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the descri…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-6387
|
2014-01-4 13:50 |
2013-12-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245108
|
4.3 |
MEDIUM
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-6388
|
2014-01-4 13:50 |
2013-12-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245109
|
5.8 |
MEDIUM
|
drupal
|
drupal
|
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
CWE-20
不適切な入力確認
|
CVE-2013-6389
|
2014-01-4 13:50 |
2013-12-8 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245110
|
6.8 |
MEDIUM
|
videocharge
|
watermark_master
|
Buffer overflow in VideoCharge Software Watermark Master 2.2.23 allows remote attackers to execute arbitrary code via a long string in the name attribute of the cols element in a .wstyle file.
|
CWE-119
バッファエラー
|
CVE-2013-6937
|
2014-01-4 13:50 |
2013-12-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245111
|
7.0 |
HIGH
|
hp
|
3com_router 5500-24g-4sfp_hi_switch_with_2_interface_slots 5500-24g-poe_ei_switch 5500-24g-poe_si_switch 5500-24g-sfp_dc_ei_switch 5500-24g-sfp_ei_switch 5500-24g_dc_ei_switch 55…
|
The OSPF implementation on HP JD9##A routers; HP J4###A, J484#B, J8###A, JD3##A, JE###A, and JF55#A switches; HP 3COM routers and switches; and HP H3C routers and switches does not consider the possi…
|
NVD-CWE-noinfo
|
CVE-2013-4806
|
2014-01-4 13:49 |
2013-08-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245112
|
5.8 |
MEDIUM
|
gnupg
|
gnupg
|
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass int…
|
CWE-310
暗号の問題
|
CVE-2013-4351
|
2014-01-4 13:48 |
2013-10-10 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245113
|
5.0 |
MEDIUM
|
gnupg canonical
|
gnupg ubuntu_linux
|
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
|
CWE-20
不適切な入力確認
|
CVE-2013-4402
|
2014-01-4 13:48 |
2013-10-29 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245114
|
5.1 |
MEDIUM
|
fedoraproject duckcorp
|
fedora bip
|
Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote …
|
CWE-310
暗号の問題
|
CVE-2013-4550
|
2014-01-4 13:48 |
2013-12-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245115
|
4.3 |
MEDIUM
|
duckcorp fedoraproject
|
bip fedora
|
connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes…
|
CWE-310
暗号の問題
|
CVE-2011-5268
|
2014-01-4 13:35 |
2013-12-25 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245116
|
5.0 |
MEDIUM
|
fatfreecrm
|
fat_free_crm
|
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by …
|
CWE-310
暗号の問題
|
CVE-2013-7222
|
2014-01-4 02:12 |
2014-01-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245117
|
6.8 |
MEDIUM
|
fatfreecrm
|
fat_free_crm
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the…
|
CWE-352
同一生成元ポリシー違反
|
CVE-2013-7223
|
2014-01-4 02:11 |
2014-01-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245118
|
6.5 |
MEDIUM
|
fatfreecrm
|
fat_free_crm
|
Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage time…
|
CWE-89
SQLインジェクション
|
CVE-2013-7225
|
2014-01-4 02:04 |
2014-01-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245119
|
5.0 |
MEDIUM
|
fatfreecrm
|
fat_free_crm
|
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
|
CWE-200
情報漏えい
|
CVE-2013-7224
|
2014-01-4 01:58 |
2014-01-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245120
|
5.0 |
MEDIUM
|
fatfreecrm
|
fat_free_crm
|
Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a dif…
|
CWE-200
情報漏えい
|
CVE-2013-7249
|
2014-01-4 01:57 |
2014-01-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245121
|
5.0 |
MEDIUM
|
cybozu
|
garoon
|
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
|
CWE-399
リソース管理の問題
|
CVE-2013-6002
|
2014-01-4 00:31 |
2013-12-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245122
|
6.5 |
MEDIUM
|
cybozu
|
garoon
|
SQL injection vulnerability in the Space function in Cybozu Garoon before 3.7 SP1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQLインジェクション
|
CVE-2013-6001
|
2014-01-4 00:22 |
2013-12-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245123
|
3.5 |
LOW
|
cybozu
|
garoon
|
CRLF injection vulnerability in Cybozu Garoon 3.1 through 3.5 SP5, when Phone Messages forwarding is enabled, allows remote authenticated users to inject arbitrary e-mail headers via unspecified vect…
|
CWE-20
不適切な入力確認
|
CVE-2013-6003
|
2014-01-4 00:21 |
2013-12-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245124
|
6.8 |
MEDIUM
|
cybozu
|
garoon
|
Session fixation vulnerability in Cybozu Garoon before 3.7.2 allows remote attackers to hijack web sessions via unspecified vectors.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2013-6004
|
2014-01-4 00:20 |
2013-12-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245125
|
4.3 |
MEDIUM
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-6900
|
2014-01-4 00:20 |
2013-12-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245126
|
4.3 |
MEDIUM
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-6902
|
2014-01-4 00:19 |
2013-12-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245127
|
3.5 |
LOW
|
projectforge
|
projectforge
|
Cross-site scripting (XSS) vulnerability in ProjectForge before 3.5.3 allows remote authenticated users to inject arbitrary web script or HTML via a validation message.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2011-5269
|
2014-01-3 03:21 |
2014-01-2 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245128
|
10.0 |
HIGH
|
op5
|
monitor
|
op5 Monitor and op5 Appliance before 5.5.0 do not properly manage session cookies, which allows remote attackers to have an unspecified impact via unspecified vectors.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2012-0264
|
2014-01-3 01:39 |
2014-01-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245129
|
4.0 |
MEDIUM
|
op5
|
monitor
|
monitor/index.php in op5 Monitor and op5 Appliance before 5.5.1 allows remote authenticated users to obtain sensitive information such as database and user credentials via error messages that are tri…
|
CWE-200
情報漏えい
|
CVE-2012-0263
|
2014-01-3 01:35 |
2014-01-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245130
|
10.0 |
HIGH
|
op5
|
monitor system-op5config
|
op5config/welcome in system-op5config before 2.0.3 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the password paramet…
|
CWE-94
コード・インジェクション
|
CVE-2012-0262
|
2014-01-3 01:32 |
2014-01-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245131
|
10.0 |
HIGH
|
op5
|
monitor system-portal
|
license.php in system-portal before 1.6.2 in op5 Monitor and op5 Appliance before 5.5.3 allows remote attackers to execute arbitrary commands via shell metacharacters in the timestamp parameter for a…
|
CWE-94
コード・インジェクション
|
CVE-2012-0261
|
2014-01-3 01:24 |
2014-01-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245132
|
4.3 |
MEDIUM
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 2.x and 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-6907
|
2014-01-1 02:09 |
2013-12-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245133
|
4.3 |
MEDIUM
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon 3.x before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-6908
|
2014-01-1 02:08 |
2013-12-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245134
|
4.3 |
MEDIUM
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in a report component in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-6909
|
2014-01-1 02:04 |
2013-12-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245135
|
4.3 |
MEDIUM
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in Ajax components in Cybozu Garoon before 3.7.0 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-6910
|
2014-01-1 02:03 |
2013-12-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245136
|
3.5 |
LOW
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-6914
|
2014-01-1 02:02 |
2013-12-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245137
|
3.5 |
LOW
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the system-administration component in Cybozu Garoon before 3.7.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-6915
|
2014-01-1 02:01 |
2013-12-5 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245138
|
6.8 |
MEDIUM
|
jforum
|
jforum
|
Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the…
|
CWE-352
同一生成元ポリシー違反
|
CVE-2013-7209
|
2014-01-1 00:19 |
2013-12-31 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245139
|
3.5 |
LOW
|
esri
|
arcgis
|
The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.
|
CWE-20
不適切な入力確認
|
CVE-2013-5221
|
2013-12-31 13:26 |
2013-09-24 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245140
|
7.5 |
HIGH
|
wordpress
|
wordpress
|
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
|
CWE-20
不適切な入力確認
|
CVE-2013-4339
|
2013-12-31 13:25 |
2013-09-12 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245141
|
5.0 |
MEDIUM
|
hp
|
color_laserjet_3000 color_laserjet_3800 color_laserjet_4700 color_laserjet_4730_mfp color_laserjet_5550 color_laserjet_9500_mfp color_laserjet_cm6030_mfp color_laserjet_cm6040_mf…
|
Directory traversal vulnerability in the PostScript Interpreter, as used on the HP LaserJet 4xxx, 5200, 90xx, M30xx, M4345, M50xx, M90xx, P3005, and P4xxx; LaserJet Enterprise P3015; Color LaserJet 3…
|
NVD-CWE-noinfo
|
CVE-2012-5221
|
2013-12-31 13:19 |
2013-04-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245142
|
6.8 |
MEDIUM
|
wordpress
|
wordpress
|
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of a…
|
CWE-352
同一生成元ポリシー違反
|
CVE-2013-7233
|
2013-12-31 10:42 |
2013-12-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245143
|
7.5 |
HIGH
|
esri
|
arcgis
|
SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service.
|
CWE-89
SQLインジェクション
|
CVE-2013-7232
|
2013-12-31 10:40 |
2013-12-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245144
|
3.5 |
LOW
|
esri
|
arcgis
|
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified …
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-7231
|
2013-12-31 10:39 |
2013-12-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245145
|
3.5 |
LOW
|
esri
|
arcgis
|
Multiple cross-site scripting (XSS) vulnerabilities in ESRI ArcGIS for Server 10.1 allow remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-5222
|
2013-12-31 10:38 |
2013-12-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245146
|
4.3 |
MEDIUM
|
adtran
|
aos netvanta_7060 netvanta_7100
|
Cross-site scripting (XSS) vulnerability in the GUI login page in ADTRAN AOS before R10.8.1 on the NetVanta 7100 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-5210
|
2013-12-31 10:34 |
2013-12-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245147
|
6.1 |
MEDIUM
|
hot
|
hotbox_router_firmware hotbox_router
|
goform/login on the HOT HOTBOX router with software 2.1.11 allows remote attackers to cause a denial of service (device crash) via crafted HTTP POST data.
|
CWE-20
不適切な入力確認
|
CVE-2013-5220
|
2013-12-31 04:29 |
2013-12-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245148
|
2.9 |
LOW
|
hot
|
hotbox_router_firmware hotbox_router
|
Cross-site scripting (XSS) vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to inject arbitrary web script or HTML via a crafted DHCP Host Name option, which is not…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-5218
|
2013-12-31 04:27 |
2013-12-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245149
|
3.3 |
LOW
|
hot
|
hotbox_router_firmware hotbox_router
|
Directory traversal vulnerability on the HOT HOTBOX router with software 2.1.11 allows remote attackers to read arbitrary files via a .. (dot dot) in a URI, as demonstrated by a request for /etc/pass…
|
CWE-22
パス・トラバーサル
|
CVE-2013-5219
|
2013-12-31 04:26 |
2013-12-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
245150
|
5.4 |
MEDIUM
|
hot
|
hotbox_router_firmware hotbox_router
|
Cross-site request forgery (CSRF) vulnerability in goform/wlanBasicSecurity on the HOT HOTBOX router with software 2.1.11 allows remote attackers to hijack the authentication of administrators for re…
|
CWE-352
同一生成元ポリシー違反
|
CVE-2013-5039
|
2013-12-31 04:25 |
2013-12-30 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|