|
290071
|
6.1 |
MEDIUM
Network
|
mahara
|
mahara
|
Cross-site Scripting (XSS) in Mahara before 1.5.9 and 1.6.x before 1.6.4 allows remote attackers to inject arbitrary web script or HTML via the TinyMCE editor.
|
CWE-79
Cross-site Scripting
|
CVE-2013-1426
|
2024-11-21 10:49 |
2019-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290072
|
5.5 |
MEDIUM
Local
|
ldap_git_backup_project
debian
|
ldap_git_backup
debian_linux
|
ldap-git-backup before 1.0.4 exposes password hashes due to incorrect directory permissions.
|
CWE-276
Incorrect Default Permissions
|
CVE-2013-1425
|
2024-11-21 10:49 |
2019-11-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290073
|
7.5 |
HIGH
Network
|
huntcctv
capturecctv
hachi
novuscctv
vsp
|
dvr-04ch_firmware
dvr-04nc_firmware
dvr-08ch_firmware
dvr-08nc_firmware
dvr-16ch_firmware
dr6-704a4h_firmware
dr6-708a4h_firmware
dr6-7316a4h_firmware
dr6-7316a4hl_firmware
Authentication bypass vulnerability in the the web interface in Hunt CCTV, Capture CCTV, Hachi CCTV, NoVus CCTV, and Well-Vision Inc DVR systems allows a remote attacker to retrieve the device config…
|
CWE-287
Improper Authentication
|
CVE-2013-1391
|
2024-11-21 10:49 |
2019-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
|
290074
|
9.8 |
CRITICAL
Network
|
neutrinolabs
debian
|
xrdp
debian_linux
|
An issue was discovered in xrdp before 0.9.1. When successfully logging in using RDP into an xrdp session, the file ~/.vnc/sesman_${username}_passwd is created. Its content is the equivalent of the u…
|
CWE-255
Credentials Management
|
CVE-2013-1430
|
2024-11-21 10:49 |
2016-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290075
|
- |
|
xmonad
|
xmonad-contrab
|
The XMonad.Hooks.DynamicLog module in xmonad-contrib before 0.11.2 allows remote attackers to execute arbitrary commands via a web page title, which activates the commands when the user clicks on the…
|
CWE-94
Code Injection
|
CVE-2013-1436
|
2024-11-21 10:49 |
2014-10-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290076
|
- |
|
dleviet
|
datalife_engine
|
DataLife Engine (DLE) 9.7 allows remote attackers to execute arbitrary PHP code via the catlist[] parameter to engine/preview.php, which is used in a preg_replace function call with an e modifier.
|
CWE-94
Code Injection
|
CVE-2013-1412
|
2024-11-21 10:49 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290077
|
- |
|
sensiolabs
|
symfony
|
Symfony 2.0.x before 2.0.22, 2.1.x before 2.1.7, and 2.2.x remote attackers to execute arbitrary PHP code via a serialized PHP object to the (1) Yaml::parse or (2) Yaml\Parser::parse function, a diff…
|
CWE-94
Code Injection
|
CVE-2013-1397
|
2024-11-21 10:49 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290078
|
- |
|
sensiolabs
|
symfony
|
The Yaml::parse function in Symfony 2.0.x before 2.0.22 remote attackers to execute arbitrary PHP code via a PHP file, a different vulnerability than CVE-2013-1397.
|
CWE-94
Code Injection
|
CVE-2013-1348
|
2024-11-21 10:49 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290079
|
- |
|
cisco
|
nx-os
nexus_7000
nexus_7000_10-slot
nexus_7000_18-slot
nexus_7000_9-slot
|
Cisco NX-OS 6.1 before 6.1(5) on Nexus 7000 devices, when local authentication and multiple VDCs are enabled, allows remote authenticated users to gain privileges within an unintended VDC via crafted…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1191
|
2024-11-21 10:49 |
2014-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290080
|
- |
|
netweblogic
|
events_manager
events_manager_pro
|
Multiple cross-site scripting (XSS) vulnerabilities in the Events Manager plugin before 5.3.5 and Events Manager Pro plugin before 2.2.9 for WordPress allow remote attackers to inject arbitrary web s…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1407
|
2024-11-21 10:49 |
2014-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
