|
290231
|
- |
|
hp
|
service_manager
|
Cross-site scripting (XSS) vulnerability in the Mobility Web Client and Service Request Catalog (SRC) components in HP Service Manager (SM) 7.21 and 9.x before 9.34 allows remote attackers to inject …
|
CWE-79
Cross-site Scripting
|
CVE-2013-6222
|
2024-11-21 10:58 |
2014-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290232
|
- |
|
ibm
|
power_760_firmware
power_770
power_780
power_795
power_ese
power_740_firmware
power_710
power_720
power_730
power_740
power_770_firmware
power_750
power_760
pow…
|
Unspecified vulnerability on IBM Power 7 Systems 740 before 740.70 01Ax740_121, 760 before 760.40 Ax760_078, and 770 before 770.30 01Ax770_062 allows local users to gain Service Processor privileges …
|
NVD-CWE-noinfo
|
CVE-2013-6306
|
2024-11-21 10:58 |
2014-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290233
|
- |
|
yealink
|
sip-t38g
|
cgi-bin/cgiServer.exx in Yealink VoIP Phone SIP-T38G allows remote authenticated users to execute arbitrary commands by calling the system method in the body of a request, as demonstrated by running …
|
CWE-78
OS Command
|
CVE-2013-5758
|
2024-11-21 10:58 |
2014-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290234
|
- |
|
yealink
|
sip-t38g
|
Absolute path traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a full pathname in the dumpConfigFile function in the command parame…
|
CWE-22
Path Traversal
|
CVE-2013-5757
|
2024-11-21 10:58 |
2014-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290235
|
- |
|
yealink
|
sip-t38g
|
Directory traversal vulnerability in Yealink VoIP Phone SIP-T38G allows remote authenticated users to read arbitrary files via a .. (dot dot) in the page parameter to cgi-bin/cgiServer.exx.
|
CWE-22
Path Traversal
|
CVE-2013-5756
|
2024-11-21 10:58 |
2014-08-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290236
|
- |
|
oracle
|
mojarra
|
Oracle Mojarra 2.2.x before 2.2.6 and 2.1.x before 2.1.28 does not perform appropriate encoding when a (1) <h:outputText> tag or (2) EL expression is used after a scriptor style block, which allows r…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5855
|
2024-11-21 10:58 |
2014-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290237
|
- |
|
yealink
|
sip-t38g
|
config/.htpasswd in Yealink IP Phone SIP-T38G has a hardcoded password of (1) user (s7C9Cx.rLsWFA) for the user account, (2) admin (uoCbM.VEiKQto) for the admin account, and (3) var (jhl3iZAe./qXM) f…
|
CWE-255
Credentials Management
|
CVE-2013-5755
|
2024-11-21 10:58 |
2014-07-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290238
|
- |
|
dahuasecurity
|
dvr_firmware
|
Dahua DVR 2.608.0000.0 and 2.608.GV00.0 allows remote attackers to bypass authentication and obtain sensitive information including user credentials, change user passwords, clear log files, and perfo…
|
CWE-287
Improper Authentication
|
CVE-2013-6117
|
2024-11-21 10:58 |
2014-07-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290239
|
- |
|
ibm
|
marketing_platform
|
SQL injection vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors.
|
CWE-89
SQL Injection
|
CVE-2013-6311
|
2024-11-21 10:58 |
2014-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290240
|
- |
|
ibm
|
marketing_platform
|
Cross-site scripting (XSS) vulnerability in IBM Marketing Platform 9.1 before FP2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6310
|
2024-11-21 10:58 |
2014-06-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
