|
285591
|
- |
|
open-xchange
|
open-xchange_appsuite
|
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified oAuth API functions.
|
CWE-79
Cross-site Scripting
|
CVE-2013-7142
|
2024-11-21 11:00 |
2014-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285592
|
- |
|
open-xchange
|
open-xchange_appsuite
|
Cross-site scripting (XSS) vulnerability in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to crafted "<%"…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7141
|
2024-11-21 11:00 |
2014-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285593
|
- |
|
open-xchange
|
open-xchange_appsuite
|
XML External Entity (XXE) vulnerability in the CalDAV interface in Open-Xchange (OX) AppSuite 7.4.1 and earlier allows remote authenticated users to read portions of arbitrary files via vectors relat…
|
NVD-CWE-Other
|
CVE-2013-7140
|
2024-11-21 11:00 |
2014-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285594
|
- |
|
freedesktop
|
poppler
|
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial o…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-7296
|
2024-11-21 11:00 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285595
|
- |
|
franklinfueling
|
ts-550_evo_firmware
ts-550_evo
|
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, …
|
CWE-255
Credentials Management
|
CVE-2013-7248
|
2024-11-21 11:00 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285596
|
- |
|
franklinfueling
|
ts-550_evo_firmware
ts-550_evo
|
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password ha…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7247
|
2024-11-21 11:00 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285597
|
9.8 |
CRITICAL
Network
|
burden_project
|
burden
|
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.
|
CWE-287
Improper Authentication
|
CVE-2013-7137
|
2024-11-21 11:00 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285598
|
- |
|
cs-cart
|
cs-cart
|
Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) a…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7317
|
2024-11-21 11:00 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285599
|
- |
|
gitlab
|
gitlab
|
Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by READM…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7316
|
2024-11-21 11:00 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285600
|
- |
|
gomlab
|
gom_player
|
Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-7184
|
2024-11-21 11:00 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
