|
292001
|
- |
|
oracle
|
mojarra
|
Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows r…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5855
|
2024-11-21 10:58 |
2014-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292002
|
- |
|
yealink
|
sip-t38g
|
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) f…
|
CWE-255
Credentials Management
|
CVE-2013-5755
|
2024-11-21 10:58 |
2014-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292003
|
- |
|
dahuasecurity
|
dvr_firmware
|
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perfo…
|
CWE-287
Improper Authentication
|
CVE-2013-6117
|
2024-11-21 10:58 |
2014-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292004
|
- |
|
ibm
|
marketing_platform
|
SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2013-6311
|
2024-11-21 10:58 |
2014-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292005
|
- |
|
ibm
|
marketing_platform
|
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6310
|
2024-11-21 10:58 |
2014-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292006
|
- |
|
ibm
|
marketing_platform
|
IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to hijack sessions, and consequently read records, modify records, or conduct transactions, via an unspecified link injection.
|
CWE-94
Code Injection
|
CVE-2013-6309
|
2024-11-21 10:58 |
2014-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292007
|
- |
|
ibm
|
marketing_platform
|
IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to conduct phishing attacks and capture login credentials via an unspecified injection.
|
NVD-CWE-Other
|
CVE-2013-6308
|
2024-11-21 10:58 |
2014-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292008
|
- |
|
hp
|
service_virtualization
|
Directory traversal vulnerability in CommunicationServlet in HP Service Virtualization 3.x before 3.50.1, when the AutoPass license server is enabled, allows remote attackers to create arbitrary file…
|
CWE-22
Path Traversal
|
CVE-2013-6221
|
2024-11-21 10:58 |
2014-06-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292009
|
- |
|
emc
|
rsa_bsafe_toolkits
rsa_data_protection_manager
|
The default configuration of EMC RSA BSAFE Toolkits and RSA Data Protection Manager (DPM) 20130918 uses the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm, which mak…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6078
|
2024-11-21 10:58 |
2014-06-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292010
|
- |
|
livezilla
|
livezilla
|
LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file.
|
CWE-255
Credentials Management
|
CVE-2013-6223
|
2024-11-21 10:58 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
