|
291121
|
- |
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to share…
|
CWE-79
Cross-site Scripting
|
CVE-2013-2149
|
2024-11-21 10:51 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291122
|
- |
|
owncloud
|
owncloud
|
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the …
|
NVD-CWE-Other
|
CVE-2013-2089
|
2024-11-21 10:51 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291123
|
- |
|
owncloud
|
owncloud
|
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file.
|
CWE-200
Information Exposure
|
CVE-2013-2086
|
2024-11-21 10:51 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291124
|
- |
|
owncloud
|
owncloud
|
Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter.
|
CWE-22
Path Traversal
|
CVE-2013-2085
|
2024-11-21 10:51 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291125
|
- |
|
brother
|
mfc-9970cdw_firmware
mfc-9970cdw
|
Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to…
|
CWE-79
Cross-site Scripting
|
CVE-2013-2507
|
2024-11-21 10:51 |
2014-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291126
|
- |
|
batavi
|
batavi
|
Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2013-2289
|
2024-11-21 10:51 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291127
|
- |
|
airvana
sprint
|
hubbub_c1-600-rt
airave_software
airave
|
Cross-site scripting (XSS) vulnerability in the administration page in Airvana HubBub C1-600-RT and Sprint AIRAVE 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified ve…
|
CWE-79
Cross-site Scripting
|
CVE-2013-2270
|
2024-11-21 10:51 |
2014-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291128
|
- |
|
simplehrm
|
simplehrm
|
SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username p…
|
CWE-89
SQL Injection
|
CVE-2013-2498
|
2024-11-21 10:51 |
2014-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291129
|
- |
|
nagios
|
nagios
|
status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain s…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2214
|
2024-11-21 10:51 |
2014-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291130
|
- |
|
python_bugzilla_project
fedoraproject
opensuse
|
python-bugzilla
fedora
opensuse
|
python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.
|
CWE-20
Improper Input Validation
|
CVE-2013-2191
|
2024-11-21 10:51 |
2014-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
