|
290001
|
- |
|
qnap
|
qts
|
Absolute path traversal vulnerability in cgi-bin/jc.cgi in QNAP QTS before 4.1.0 allows remote attackers to read arbitrary files via a full pathname in the f parameter.
|
CWE-22
Path Traversal
|
CVE-2013-7174
|
2024-11-21 11:00 |
2014-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290002
|
- |
|
synology
|
diskstation_manager
|
webman/imageSelector.cgi in Synology DiskStation Manager (DSM) 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary files, an…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6955
|
2024-11-21 11:00 |
2014-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290003
|
- |
|
open-xchange
|
open-xchange_appsuite
|
Multiple cross-site scripting (XSS) vulnerabilities in Open-Xchange (OX) AppSuite 7.4.0 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) an HTML email with crafted CS…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6997
|
2024-11-21 11:00 |
2014-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290004
|
- |
|
cisco
|
nx-os
|
The BGP implementation in Cisco NX-OS 6.2(2a) and earlier does not properly handle the interaction of UPDATE messages with IPv6, VPNv4, and VPNv6 labeled unicast-address families, which allows remote…
|
CWE-20
Improper Input Validation
|
CVE-2013-6982
|
2024-11-21 11:00 |
2014-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290005
|
- |
|
linux
|
linux_kernel
|
The dgram_recvmsg function in net/ieee802154/dgram.c in the Linux kernel before 3.12.4 updates a certain length value without ensuring that an associated data structure has been initialized, which al…
|
CWE-200
Information Exposure
|
CVE-2013-7281
|
2024-11-21 11:00 |
2014-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290006
|
- |
|
hansotools
|
hanso_player
|
Buffer overflow in HansoTools Hanso Player 2.1.0, 2.5.0, and earlier allows remote attackers to cause a denial of service (crash) via a long string in a .m3u file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-7280
|
2024-11-21 11:00 |
2014-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290007
|
- |
|
anthony_mills
|
s3_video
|
Cross-site scripting (XSS) vulnerability in views/video-management/preview_video.php in the S3 Video plugin before 0.983 for WordPress allows remote attackers to inject arbitrary web script or HTML v…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7279
|
2024-11-21 11:00 |
2014-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290008
|
- |
|
naxtech
|
cms_afroditi
|
SQL injection vulnerability in Naxtech CMS Afroditi 1.0 allows remote attackers to execute arbitrary SQL commands via the id parameter to default.asp.
|
CWE-89
SQL Injection
|
CVE-2013-7278
|
2024-11-21 11:00 |
2014-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290009
|
- |
|
aphpkb
|
aphpkb
|
Multiple cross-site scripting (XSS) vulnerabilities in Andy's PHP Knowledgebase (Aphpkb) before 0.95.8 allow remote attackers to inject arbitrary web script or HTML via the (1) HTTP Referer header to…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7277
|
2024-11-21 11:00 |
2014-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290010
|
- |
|
recommend_to_a_friend_project
|
recommend_to_a_friend
|
Cross-site scripting (XSS) vulnerability in inc/raf_form.php in the Recommend to a friend plugin 2.0.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the current_url…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7276
|
2024-11-21 11:00 |
2014-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
