|
292671
|
- |
|
faircom
|
c-treeace
|
The Data Camouflage (aka FairCom Standard Encryption) algorithm in FairCom c-treeACE does not ensure that a decryption key is needed for accessing database contents, which allows context-dependent at…
|
CWE-310
Cryptographic Issues
|
CVE-2013-0148
|
2024-11-21 10:46 |
2013-06-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292672
|
- |
|
qnap
|
viostor_network_video_recorder
|
Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for r…
|
CWE-352
Origin Validation Error
|
CVE-2013-0144
|
2024-11-21 10:46 |
2013-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292673
|
- |
|
qnap
|
viostor_network_video_recorder
surveillance_station_pro
nas
|
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by lev…
|
CWE-94
Code Injection
|
CVE-2013-0143
|
2024-11-21 10:46 |
2013-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292674
|
- |
|
qnap
|
viostor_network_video_recorder
surveillance_station_pro
nas
|
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access v…
|
CWE-255
Credentials Management
|
CVE-2013-0142
|
2024-11-21 10:46 |
2013-06-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292675
|
- |
|
mutiny
|
mutiny_appliance
mutiny_virtual_appliance
mutiny
|
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbi…
|
CWE-22
Path Traversal
|
CVE-2013-0136
|
2024-11-21 10:46 |
2013-06-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292676
|
- |
|
cisco
|
webex
|
Cisco WebEx 4.1 on iOS does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl…
|
CWE-20
Improper Input Validation
|
CVE-2012-6399
|
2024-11-21 10:46 |
2013-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292677
|
- |
|
elgg
|
elgg
|
engine/lib/access.php in Elgg before 1.8.5 does not properly clear cached access lists during plugin boot, which allows remote attackers to read private entities via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6563
|
2024-11-21 10:46 |
2013-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292678
|
- |
|
elgg
|
elgg
|
engine/lib/users.php in Elgg before 1.8.5 does not properly specify permissions for the useradd action, which allows remote attackers to create arbitrary accounts.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6562
|
2024-11-21 10:46 |
2013-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292679
|
- |
|
elgg
|
elgg
|
Cross-site scripting (XSS) vulnerability in engine/lib/views.php in Elgg before 1.8.5 allows remote attackers to inject arbitrary web script or HTML via the view parameter to index.php. NOTE: some o…
|
CWE-79
Cross-site Scripting
|
CVE-2012-6561
|
2024-11-21 10:46 |
2013-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292680
|
- |
|
freenac
|
freenac
|
SQL injection vulnerability in deviceadd.php in FreeNAC 3.02 allows remote attackers to execute arbitrary SQL commands via the status parameter.
|
CWE-20
Improper Input Validation
|
CVE-2012-6560
|
2024-11-21 10:46 |
2013-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
