|
285561
|
- |
|
microsoft
|
windows_8.1
windows_8
|
The Microsoft.XMLDOM ActiveX control in Microsoft Windows 8.1 and earlier does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memor…
|
CWE-399
Resource Management Errors
|
CVE-2013-7332
|
2024-11-21 11:00 |
2014-02-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285562
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.
|
CWE-310
Cryptographic Issues
|
CVE-2013-6952
|
2024-11-21 11:00 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285563
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The Belkin WeMo Home Automation firmware before 3949 does not maintain a set of Certification Authority public keys, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary X.5…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6951
|
2024-11-21 11:00 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285564
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution serv…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6950
|
2024-11-21 11:00 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285565
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6949
|
2024-11-21 11:00 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285566
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunct…
|
CWE-94
Code Injection
|
CVE-2013-6948
|
2024-11-21 11:00 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285567
|
- |
|
php
|
php
|
Multiple integer signedness errors in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allow remote attackers to cause a denial of service (application crash) or obtain sensitive inf…
|
CWE-189
Numeric Errors
|
CVE-2013-7328
|
2024-11-21 11:00 |
2014-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285568
|
- |
|
canonical
php
|
ubuntu_linux
php
|
The gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 does not check return values, which allows remote attackers to cause a denial of service (application crash) or possibly have unspeci…
|
CWE-20
Improper Input Validation
|
CVE-2013-7327
|
2024-11-21 11:00 |
2014-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285569
|
- |
|
php
|
php
|
Integer overflow in the gdImageCrop function in ext/gd/gd.c in PHP 5.5.x before 5.5.9 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impac…
|
CWE-189
Numeric Errors
|
CVE-2013-7226
|
2024-11-21 11:00 |
2014-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285570
|
- |
|
vtiger
|
vtiger_crm
|
Cross-site scripting (XSS) vulnerability in vTiger CRM 5.4.0 allows remote attackers to inject arbitrary web script or HTML via the (1) return_url parameter to modules\com_vtiger_workflow\savetemplat…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7326
|
2024-11-21 11:00 |
2014-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
