|
286421
|
- |
|
dlink
|
dsl-2740b_firmware
dsl-2740b
|
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU_1.00 allow remote attackers to hijack the authentication of administrators for requests that (1…
|
CWE-352
Origin Validation Error
|
CVE-2013-5730
|
2024-11-21 10:58 |
2013-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286422
|
- |
|
softaculous
|
webuzo
|
Cross-site scripting (XSS) vulnerability in filemanager/login.php in the File Manager module in Softaculous Webuzo before 2.1.4 allows remote attackers to inject arbitrary web script or HTML via the …
|
CWE-79
Cross-site Scripting
|
CVE-2013-6042
|
2024-11-21 10:58 |
2013-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286423
|
- |
|
vmware
|
workstation
player
|
VMware Workstation 9.x before 9.0.3 and VMware Player 5.x before 5.0.3 on Linux do not properly handle shared libraries, which allows host OS users to gain host OS privileges via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5972
|
2024-11-21 10:58 |
2013-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286424
|
- |
|
ajaxplorer
|
ajaxplorer
|
Directory traversal vulnerability in plugins/editor.zoho/agent/save_zoho.php in the Zoho plugin in Pydio (formerly AjaXplorer) before 5.0.4 allows remote attackers to read or delete arbitrary files v…
|
CWE-22
Path Traversal
|
CVE-2013-6226
|
2024-11-21 10:58 |
2013-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286425
|
- |
|
zikula
|
zikula_application_framework
|
Cross-site scripting (XSS) vulnerability in Zikula Application Framework before 1.3.6 allows remote attackers to inject arbitrary web script or HTML via the returnpage parameter to index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6168
|
2024-11-21 10:58 |
2013-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286426
|
- |
|
projeqtor
|
projeqtor
|
SQL injection vulnerability in view/objectDetail.php in Project'Or RIA 3.4.0 allows remote attackers to execute arbitrary SQL commands via the objectId parameter.
|
CWE-89
SQL Injection
|
CVE-2013-6164
|
2024-11-21 10:58 |
2013-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286427
|
- |
|
projeqtor
|
projeqtor
|
Multiple cross-site scripting (XSS) vulnerabilities in ProjeQtOr (formerly Project'Or RIA) before 4.0.0 allow remote attackers to inject arbitrary web script or HTML via the (1) type parameter to vie…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6163
|
2024-11-21 10:58 |
2013-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286428
|
- |
|
apprain
|
apprain
|
SQL injection vulnerability in appRain CMF 3.0.2 and earlier allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to blog-by-cat/.
|
CWE-89
SQL Injection
|
CVE-2013-6058
|
2024-11-21 10:58 |
2013-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286429
|
- |
|
justsystems
|
ichitaro_pro
ichitaro_portable_with_oreplug
ichitaro
ichitaro_viewer
|
Unspecified vulnerability in JustSystems Ichitaro 2006 through 2011; Ichitaro Government 6, 7, and 2006 through 2010; Ichitaro 2011 Sou; Ichitaro 2012 Shou; Ichitaro 2013 Gen and Gen Trial Edition; I…
|
NVD-CWE-noinfo
|
CVE-2013-5990
|
2024-11-21 10:58 |
2013-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286430
|
- |
|
tapbots
|
tweetbot
|
Tweetbot 1.3.3 for Mac, and 2.8.5 for iPad and iPhone, does not require confirmation of (1) follow or (2) favorite actions, which allows remote attackers to automatically force the user to perform un…
|
CWE-352
Origin Validation Error
|
CVE-2013-5726
|
2024-11-21 10:58 |
2013-11-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
