Cross-site scripting (XSS) vulnerability in libraries/idna_convert/example.php in Joomla! 3.1.5 allows remote attackers to inject arbitrary web script or HTML via the lang parameter. Date published : 2013-12-28 http://www.securityfocus.com/bid/61600 http://disse.cting.org/2013/08/05/joomla-core-3_1_5_reflected-xss-vulnerability/
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine::InsertSplice object in an HTML document, aka...
Cross-site scripting (XSS) vulnerability in SPS/Portal/default.aspx in Service Desk in Matrix42 Service Store 5.3 SP3 (aka 5.33.946.0) allows remote attackers to inject arbitrary web script or HTML via the query string. Date published :...
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to execute arbitrary SQL commands via the what parameter...
Cisco IOS XE 3.7S(.1) and earlier allows remote attackers to cause a denial of service (Packet Processor crash) via fragmented MPLS IP packets, aka Bug ID CSCul00709. Date published : 2013-12-27 http://www.securityfocus.com/bid/64514 http://tools.cisco.com/security/center/content/CiscoSecurityNotice/CVE-2013-6981
Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly handled by the Thumbnail tooltips feature...
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input. Date published : 2013-12-27 https://support.cybozu.com/ja-jp/article/7889 http://jvn.jp/en/jp/JVN60997973/index.html
RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper. Date published : 2013-12-27...
The ONEDC app before 1.7 for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate. Date published :...
Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php. Date published : 2013-12-27 http://www.zend.to/changelog.php https://www.packetlabs.net/cve-2013-6808/
Unquoted Windows search path vulnerability in EMC Replication Manager before 5.5 allows local users to gain privileges via a crafted application in a parent directory of an intended directory. Date published : 2013-12-27 http://www.securityfocus.com/bid/64520...
EMC Watch4Net before 6.3 stores cleartext polled-device passwords in the installation repository, which allows local users to obtain sensitive information by leveraging repository privileges. Date published : 2013-12-27 http://www.securityfocus.com/bid/64517 http://archives.neohapsis.com/archives/bugtraq/2013-12/0140.html
Cybozu Garoon 3.5 through 3.7 SP2 allows remote attackers to bypass Keitai authentication via a modified user ID in a request. Date published : 2013-12-27 https://support.cybozu.com/ja-jp/article/7893 http://jvn.jp/en/jp/JVN81706478/index.html
Cross-site scripting (XSS) vulnerability in the Roles Based Provisioning Module 4.0.2 before Field Patch D for Novell Identity Manager (aka IDM) allows remote attackers to inject arbitrary web script or HTML via a taskDetail...