|
287181
|
- |
|
freedesktop
|
poppler
|
The JBIG2Stream::readSegments method in JBIG2Stream.cc in Poppler before 0.24.5 does not use the correct specifier within a format string, which allows context-dependent attackers to cause a denial o…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-7296
|
2024-11-21 11:00 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287182
|
- |
|
franklinfueling
|
ts-550_evo_firmware
ts-550_evo
|
Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 has a hardcoded password for the roleDiag account, which allows remote attackers to gain root privileges, …
|
CWE-255
Credentials Management
|
CVE-2013-7248
|
2024-11-21 11:00 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287183
|
- |
|
franklinfueling
|
ts-550_evo_firmware
ts-550_evo
|
cgi-bin/tsaws.cgi in Franklin Fueling Systems TS-550 evo with firmware 2.0.0.6833 and other versions before 2.4.0 allows remote attackers to discover sensitive information (user names and password ha…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7247
|
2024-11-21 11:00 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287184
|
9.8 |
CRITICAL
Network
|
burden_project
|
burden
|
The "remember me" functionality in login.php in Burden before 1.8.1 allows remote attackers to bypass authentication and gain privileges by setting the burden_user_rememberme cookie to 1.
|
CWE-287
Improper Authentication
|
CVE-2013-7137
|
2024-11-21 11:00 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287185
|
- |
|
cs-cart
|
cs-cart
|
Multiple cross-site scripting (XSS) vulnerabilities in CS-Cart before 4.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) settings_file or (2) data_file parameter to (a) a…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7317
|
2024-11-21 11:00 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287186
|
- |
|
gitlab
|
gitlab
|
Cross-site scripting (XSS) vulnerability in GitLab 6.0 and other versions before 6.5.0 allows remote attackers to inject arbitrary web script or HTML via a crafted HTML file, as demonstrated by READM…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7316
|
2024-11-21 11:00 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287187
|
- |
|
gomlab
|
gom_player
|
Gretech GOM Media Player 2.2.56.5158 and earlier allows remote attackers to cause a denial of service (memory corruption) via a crafted AVI file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-7184
|
2024-11-21 11:00 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287188
|
- |
|
avanset
|
visual_certexam_manager
|
Multiple SQL injection vulnerabilities in Avanset Visual CertExam Manager 3.3 and earlier allow remote authenticated users to execute arbitrary SQL commands via the (1) Title, (2) File name, or (3) C…
|
CWE-89
SQL Injection
|
CVE-2013-7175
|
2024-11-21 11:00 |
2014-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287189
|
- |
|
springsource
vmware
|
spring_framework
|
The Spring MVC in Spring Framework before 3.2.4 and 4.0.0.M1 through 4.0.0.M2 does not disable external entity resolution for the StAX XMLInputFactory, which allows context-dependent attackers to rea…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7315
|
2024-11-21 11:00 |
2014-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287190
|
- |
|
openstack
|
nova
|
OpenStack Compute (Nova) Grizzly 2013.1.4, Havana 2013.2.1, and earlier uses world-writable and world-readable permissions for the temporary directory used to store live snapshots, which allows local…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7048
|
2024-11-21 11:00 |
2014-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
