|
294231
|
- |
|
zldnn
|
dnnarticle
|
SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid…
|
CWE-89
SQL Injection
|
CVE-2013-5117
|
2024-11-21 10:57 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294232
|
- |
|
raoul_proenca
|
gnew
|
Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie.
|
CWE-22
Path Traversal
|
CVE-2013-5639
|
2024-11-21 10:57 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294233
|
- |
|
ibm
|
algo_one
|
IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, does not encrypt…
|
CWE-310
Cryptographic Issues
|
CVE-2013-5468
|
2024-11-21 10:57 |
2014-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294234
|
- |
|
irfanview
|
irfanview
|
Heap-based buffer overflow in IrfanView before 4.37 allows remote attackers to execute arbitrary code via the LZW code stream in a GIF file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-5351
|
2024-11-21 10:57 |
2014-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294235
|
- |
|
ibm
|
platform_symphony
|
An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local …
|
CWE-255
Credentials Management
|
CVE-2013-5400
|
2024-11-21 10:57 |
2014-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294236
|
- |
|
ibm
|
infosphere_master_data_management_server_for_product_information_management
infosphere_master_data_management_collaboration_server
|
Cross-site request forgery (CSRF) vulnerability in IBM InfoSphere Master Data Management - Collaborative Edition 10.x before 10.1 FP8 through 11.0 and InfoSphere Master Data Management Server for Pro…
|
CWE-352
Origin Validation Error
|
CVE-2013-5427
|
2024-11-21 10:57 |
2014-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294237
|
- |
|
mcafee
|
vulnerability_manager
|
Cross-site scripting (XSS) vulnerability in index.exp in McAfee Vulnerability Manager 7.5 allows remote attackers to inject arbitrary web script or HTML via the cert_cn cookie parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2013-5094
|
2024-11-21 10:57 |
2014-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294238
|
- |
|
secunia
|
csi_agent
|
Secunia CSI Agent 6.0.0.15017 and earlier, 6.0.1.1007 and earlier, and 7.0.0.21 and earlier, when running on Red Hat Linux, uses world-readable and world-writable permissions for /etc/csia_config.xml…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5364
|
2024-11-21 10:57 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294239
|
- |
|
tejimaya
|
openpne
|
The "Remember me" feature in the opSecurityUser::getRememberLoginCookie function in lib/user/opSecurityUser.class.php in OpenPNE 3.6.13 before 3.6.13.1 and 3.8.9 before 3.8.9.1 does not properly vali…
|
CWE-20
Improper Input Validation
|
CVE-2013-5350
|
2024-11-21 10:57 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294240
|
- |
|
thecus
|
n8800_nas_server_firmware
n8800_nas_server
|
The Thecus NAS server N8800 with firmware 5.03.01 uses cleartext credentials for administrative authentication, which allows remote attackers to obtain sensitive information by sniffing the network.
|
CWE-255
Credentials Management
|
CVE-2013-5669
|
2024-11-21 10:57 |
2014-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
