|
291101
|
- |
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud Server before 5.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) new_name parameter to apps/bookmarks/ajax…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1890
|
2024-11-21 10:50 |
2014-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291102
|
- |
|
redhat
|
satellite
|
Cross-site scripting (XSS) vulnerability in account/EditAddress.do in Spacewalk and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary web script or HTML via the type par…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1871
|
2024-11-21 10:50 |
2014-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291103
|
- |
|
extended_module_player_project
|
extended_module_player
|
Buffer overflow in the get_dsmp function in loaders/masi_load.c in libxmp before 4.1.0 allows remote attackers to execute arbitrary code via a crafted MASI file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-1980
|
2024-11-21 10:50 |
2014-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291104
|
- |
|
apache
|
wicket
|
Unspecified vulnerability in Apache Wicket 1.4.x before 1.4.23, 1.5.x before 1.5.11, and 6.x before 6.8.0 allows remote attackers to obtain sensitive information via vectors that cause raw HTML templ…
|
NVD-CWE-noinfo
|
CVE-2013-2055
|
2024-11-21 10:50 |
2014-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291105
|
- |
|
roundcube
|
webmail
|
Absolute path traversal vulnerability in steps/mail/sendmail.inc in Roundcube Webmail before 0.7.3 and 0.8.x before 0.8.6 allows remote attackers to read arbitrary files via a full pathname in the _v…
|
CWE-22
Path Traversal
|
CVE-2013-1904
|
2024-11-21 10:50 |
2014-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291106
|
- |
|
gpsd_project
canonical
|
gpsd
ubuntu_linux
|
The NMEA0183 driver in gpsd before 3.9 allows remote attackers to cause a denial of service (daemon termination) and possibly execute arbitrary code via a GPS packet with a malformed $GPGGA interpret…
|
CWE-20
Improper Input Validation
|
CVE-2013-2038
|
2024-11-21 10:50 |
2014-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291107
|
- |
|
kde
|
kdelibs
|
kioslave/http/http.cpp in KIO in kdelibs 4.10.3 and earlier allows attackers to discover credentials via a crafted request that triggers an "internal server error," which includes the username and pa…
|
CWE-200
Information Exposure
|
CVE-2013-2074
|
2024-11-21 10:50 |
2014-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291108
|
- |
|
apache
|
activemq
|
Cross-site scripting (XSS) vulnerability in the Portfolio publisher servlet in the demo web application in Apache ActiveMQ before 5.9.0 allows remote attackers to inject arbitrary web script or HTML …
|
CWE-79
Cross-site Scripting
|
CVE-2013-1880
|
2024-11-21 10:50 |
2014-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291109
|
- |
|
mediaelementjs
owncloud
|
mediaelement.js
owncloud
|
Cross-site scripting (XSS) vulnerability in flashmediaelement.swf in MediaElement.js before 2.11.2, as used in ownCloud Server 5.0.x before 5.0.5 and 4.5.x before 4.5.10, allows remote attackers to i…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1967
|
2024-11-21 10:50 |
2014-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291110
|
- |
|
kolja_schleich
|
leaguemanager
|
SQL injection vulnerability in leaguemanager.php in the LeagueManager plugin before 3.8.1 for WordPress allows remote attackers to execute arbitrary SQL commands via the league_id parameter in the le…
|
CWE-89
SQL Injection
|
CVE-2013-1852
|
2024-11-21 10:50 |
2014-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
