събота, 21 август 2021 г.

Weekly Digest: a new vulnerability is published on the National Vulnerability Database (64 items)

New vulnerabilities from the NVD: CVE-2020-36434

An issue was discovered in the sys-info crate before 0.8.0 for Rust. sys_info::disk_info calls can trigger a double free.
Published at: August 08, 2021 at 09:15AM
View on website

August 08, 2021 at 01:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-36433

An issue was discovered in the chunky crate through 2020-08-25 for Rust. The Chunk API does not honor an alignment requirement.
Published at: August 08, 2021 at 09:15AM
View on website

August 08, 2021 at 01:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-36432

An issue was discovered in the alg_ds crate through 2020-08-25 for Rust. There is a drop of uninitialized memory in Matrix::new().
Published at: August 08, 2021 at 09:15AM
View on website

August 08, 2021 at 01:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-17865

** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine 7.01 allows remote attackers to inject arbitrary web script via the wsdlPath parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-17862

** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Fiori allows remote attackers to inject arbitrary web script via the sys_jdbc parameter to /TestJDBC_Web/test2. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2018-17861

** UNSUPPORTED WHEN ASSIGNED ** A cross-site scripting (XSS) vulnerability in SAP J2EE Engine/7.01/Portal/EPP allows remote attackers to inject arbitrary web script via the wsdlLib parameter to /ctcprotocol/Protocol. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-7731

SAP Mobile Platform 3.0 SP05 ClientHub allows attackers to obtain the keystream and other sensitive information via the DataVault, aka SAP Security Note 2094830.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-2074

The File Repository Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to write to arbitrary files via a full pathname, aka SAP Note 2018681.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2015-2073

The File RepositoRy Server (FRS) CORBA listener in SAP BussinessObjects Edge 4.0 allows remote attackers to read arbitrary files via a full pathname, aka SAP Note 2018682.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2014-9320

SAP BusinessObjects Edge 4.1 allows remote attackers to obtain the SI_PLATFORM_SEARCH_SERVER_LOGON_TOKEN token and consequently gain SYSTEM privileges via vectors involving CORBA calls, aka SAP Note 2039905.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-6276

** UNSUPPORTED WHEN ASSIGNED ** QNAP F_VioCard 2312 and F_VioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models.
Published at: August 09, 2021 at 09:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-4718

Cross-site scripting (XSS) vulnerability in Open Ticket Request System (OTRS) ITSM 3.0.x before 3.0.9, 3.1.x before 3.1.10, and 3.2.x before 3.2.7 allows remote authenticated users to inject arbitrary web script or HTML via an ITSM ConfigItem search.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2013-4717

Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbitrary SQL commands via unspecified vectors related to Kernel/Output/HTML/PreferencesCustomQueue.pm, Kernel/System/CustomerCompany.pm, Kernel/System/Ticket/IndexAccelerator/RuntimeDB.pm, Kernel/System/Ticket/IndexAccelerator/StaticDB.pm, and Kernel/System/TicketSearch.pm.
Published at: August 09, 2021 at 10:15PM
View on website

August 09, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24742

An issue has been fixed in Qt versions 5.14.0 where QPluginLoader attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
Published at: August 10, 2021 at 01:15AM
View on website

August 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-24741

An issue has been fixed in Qt versions 5.14.1 and 5.12.7 where QLibrary attempts to load plugins relative to the working directory, allowing attackers to execute arbitrary code via crafted files.
Published at: August 10, 2021 at 01:15AM
View on website

August 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23151

rConfig 3.9.5 allows command injection by sending a crafted GET request to lib/ajaxHandlers/ajaxArchiveFiles.php since the path parameter is passed directly to the exec function without being escaped.
Published at: August 10, 2021 at 02:15AM
View on website

August 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23150

A SQL injection vulnerability in config.inc.php of rConfig 3.9.5 allows attackers to access sensitive database information via a crafted GET request to install/lib/ajaxHandlers/ajaxDbInstall.php.
Published at: August 10, 2021 at 02:15AM
View on website

August 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23149

The dbName parameter in ajaxDbInstall.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a SQL injection and access sensitive database information.
Published at: August 10, 2021 at 02:15AM
View on website

August 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23148

The userLogin parameter in ldap/login.php of rConfig 3.9.5 is unsanitized, allowing attackers to perform a LDAP injection and obtain sensitive information via a crafted POST request.
Published at: August 10, 2021 at 02:15AM
View on website

August 10, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-28397

A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP PC2 (incl. SIPLUS variants) (All versions), SIMATIC S7 PLCSIM Advanced (All versions > V2 < V4), SIMATIC S7-1200 CPU family (incl. SIPLUS variants) (Version V4.4), SIMATIC S7-1500 CPU family (incl. related ET200 CPUs and SIPLUS variants) (All versions > V2.5 < V2.9.2), SIMATIC S7-1500 Software Controller (All versions > V2.5), TIM 1531 IRC (incl. SIPLUS NET variants) (Version V2.1). Due to an incorrect authorization check in the affected component, an attacker could extract information about access protected PLC program variables over port 102/tcp from an affected device when reading multiple attributes at once.
Published at: August 10, 2021 at 02:15PM
View on website

August 10, 2021 at 03:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-25082

An attacker with physical access to Nuvoton Trusted Platform Module (NPCT75x 7.2.x before 7.2.2.0) could extract an Elliptic Curve Cryptography (ECC) private key via a side-channel attack against ECDSA, because of an Observable Timing Discrepancy.
Published at: August 10, 2021 at 08:15PM
View on website

August 10, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23172

A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives.
Published at: August 10, 2021 at 08:15PM
View on website

August 10, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-23171

A vulnerability in all versions of Nim-lang allows unauthenticated attackers to write files to arbitrary directories via a crafted zip file with dot-slash characters included in the name of the crafted file.
Published at: August 10, 2021 at 08:15PM
View on website

August 10, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21697

A heap-use-after-free in the mpeg_mux_write_packet function in libavformat/mpegenc.c of FFmpeg 4.2 allows to cause a denial of service (DOS) via a crafted avi file.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21690

A memory leak in the grow_array function in cmdutils.c og Ffmpeg 4.2 allows attackers to cause a denial of service (DOS) via a crafted ogg file.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21688

A heap-use-after-free in the av_freep function in libavutil/mem.c of FFmpeg 4.2 allows attackers to execute arbitrary code.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21684

A global buffer overflow in the put_font in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21683

A global buffer overflow in the shade_or_tint_name_after_declare_color in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21682

A global buffer overflow in the set_fill component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21681

A global buffer overflow in the set_color component in genge.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ge format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21680

A stack-based buffer overflow in the put_arrow() component in genpict2e.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pict2e format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21678

A global buffer overflow in the genmp_writefontmacro_latex component in genmp.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into mp format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21677

A heap-based buffer overflow in the sixel_encoder_output_without_macro function in encoder.c of Libsixel 1.8.4 allows attackers to cause a denial of service (DOS) via converting a crafted PNG file into Sixel format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21676

A stack-based buffer overflow in the genpstrx_text() component in genpstricks.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into pstricks format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21675

A stack-based buffer overflow in the genptk_text component in genptk.c of fig2dev 3.2.7b allows attackers to cause a denial of service (DOS) via converting a xfig file into ptk format.
Published at: August 11, 2021 at 12:15AM
View on website

August 11, 2021 at 01:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21930

A stored cross site scripting (XSS) vulnerability in the web_attr_2 field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
Published at: August 11, 2021 at 01:15AM
View on website

August 11, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21929

A stored cross site scripting (XSS) vulnerability in the web_copyright field of Eyoucms v1.4.1 allows authenticated attackers to execute arbitrary web scripts or HTML.
Published at: August 11, 2021 at 01:15AM
View on website

August 11, 2021 at 03:33AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2019-25052

In Linaro OP-TEE before 3.7.0, by using inconsistent or malformed data, it is possible to call update and final cryptographic functions directly, causing a crash that could leak sensitive information.
Published at: August 11, 2021 at 06:15PM
View on website

August 11, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21363

An arbitrary file deletion vulnerability exists within Maccms10.
Published at: August 12, 2021 at 12:15AM
View on website

August 12, 2021 at 01:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21362

A cross site scripting (XSS) vulnerability in the background search function of Maccms10 allows attackers to execute arbitrary web scripts or HTML via the 'wd' parameter.
Published at: August 12, 2021 at 12:15AM
View on website

August 12, 2021 at 01:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-21359

An arbitrary file upload vulnerability in the Template Upload function of Maccms10 allows attackers bypass the suffix whitelist verification to execute arbitrary code via adding a character to the end of the uploaded file's name.
Published at: August 12, 2021 at 12:15AM
View on website

August 12, 2021 at 01:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-16632

In SapphireIMS 4097_1, the password in the database is stored in Base64 format.
Published at: August 12, 2021 at 12:15AM
View on website

August 12, 2021 at 01:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-16631

In SapphireIMS 4097_1, a guest user is able to change the password of an administrative user by utilizing an Insecure Direct Object Reference (IDOR) in the "Account Password Reset" functionality.
Published at: August 12, 2021 at 12:15AM
View on website

August 12, 2021 at 01:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-16630

In SapphireIMS 4097_1, a guest user can create a local administrator account on any system that has SapphireIMS installed, because of an Insecure Direct Object Reference (IDOR) in the local user creation function.
Published at: August 12, 2021 at 12:15AM
View on website

August 12, 2021 at 01:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2017-16629

In SapphireIMS 4097_1, it is possible to guess the registered/active usernames of the software from the errors it gives out for each type of user on the Login form. For "Incorrect User" - it gives an error "The application failed to identify the user. Please contact administrator for help." For "Correct User and Incorrect Password" - it gives an error "Authentication failed. Please login again."
Published at: August 12, 2021 at 12:15AM
View on website

August 12, 2021 at 01:34AM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20981

A SQL injection in the /admin/?n=logs&c=index&a=dolist component of Metinfo 7.0 allows attackers to access sensitive database information.
Published at: August 12, 2021 at 06:15PM
View on website

August 12, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20979

An arbitrary file upload vulnerability in the move_uploaded_file() function of LJCMS v4.3 allows attackers to execute arbitrary code.
Published at: August 12, 2021 at 06:15PM
View on website

August 12, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20977

A stored cross site scripting (XSS) vulnerability in index.php/legend/6.html of UK CMS v1.1.10 allows attackers to execute arbitrary web scripts or HTML via a crafted payload in the Comments section.
Published at: August 12, 2021 at 06:15PM
View on website

August 12, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-20975

In \lib\admin\action\dataaction.class.php in Gxlcms v1.1, SQL Injection exists via the $filename parameter.
Published at: August 12, 2021 at 06:15PM
View on website

August 12, 2021 at 07:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18446

Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the param parameter in the insertContent function in ContentModel.php.
Published at: August 12, 2021 at 08:15PM
View on website

August 12, 2021 at 09:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18445

Cross Site Scripting (XSS) vulnerability exists in YUNUCMS 1.1.9 via the upurl function in Page.php.
Published at: August 12, 2021 at 08:15PM
View on website

August 12, 2021 at 09:34PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18464

Cross Site Request Forgery (CSRF) vulnerability in AikCms 2.0.0 in video_list.php, which can let a malicious user delete movie information.
Published at: August 12, 2021 at 10:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18463

Cross Site Request Forgery (CSRF) vulnerability exists in v2.0.0 in video_list.php, which can let a malicious user delete a video message.
Published at: August 12, 2021 at 10:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18462

File Upload vulnerabilty in AikCms v2.0.0 in poster_edit.php because the background file management office does not verify the uploaded file.
Published at: August 12, 2021 at 10:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18460

Cross Site Request Forgery (CSRF) vulnerability exists in 711cms v1.0.7 that can add an admin account via admin.php?c=Admin&m=content.
Published at: August 12, 2021 at 10:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18458

Cross Site Request Forgery (CSRF) vulnerability exists in DamiCMS v6.0.6 that can add an admin account via admin.php?s=/Admin/doadd.
Published at: August 12, 2021 at 10:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18457

Cross Site Request Forgery (CSRF) vulnerability exists in bycms v1.3.0 that can add an admin account via admin.php/ucenter/add.html.
Published at: August 12, 2021 at 09:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18456

Cross Site Scripting (XSS) vulnerability exists in PbootCMS v1.3.7 via the title parameter in the mod function in SingleController.php.
Published at: August 12, 2021 at 09:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18455

Cross Site Scripting (XSS) vulnerability exists in bycms v3.0.4 via the title parameter in the edit function in Document.php.
Published at: August 12, 2021 at 09:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18454

Cross Site Request Forgery (CSRF) vulnerability in bycms v1.3 via admin.php/systems/index/module_id/70/group_id/1.html.
Published at: August 12, 2021 at 09:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18451

Cross Site Scripting (XSS) vulnerability exists in DamiCMS v6.0.6 via the title parameter in the doadd function in LabelAction.class.php.
Published at: August 12, 2021 at 09:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18449

Cross Site Scripting (XSS) vulnerability exists in UKCMS v1.1.10 via data in the index function in Single.php
Published at: August 12, 2021 at 09:15PM
View on website

August 12, 2021 at 11:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18754

An information disclosure vulnerability exists within Dut Computer Control Engineering Co.'s PLC MAC1100.
Published at: August 13, 2021 at 08:15PM
View on website

August 13, 2021 at 09:33PM

via National Vulnerability Database


New vulnerabilities from the NVD: CVE-2020-18753

An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to gain access to the system and escalate privileges via a crafted packet.
Published at: August 13, 2021 at 08:15PM
View on website

August 13, 2021 at 09:33PM

via National Vulnerability Database


Няма коментари:

Публикуване на коментар

Етикети

имена (151) Ски (140) уеб камери (128) Право (121) документи (111) Grand Tour (102) video (100) Ski (97) webcams (93) skiing weather (83) ski resort information (82) банки (66) ски курорти (60) Маркетинг (45) Рила (40) snow reports (37) икономика (35) София (34) Боровец (33) Borovets (27) Родопи (27) история (27) Банско (26) Пампорово (23) проекти (23) здраве (21) интернет (21) планини (21) смях (21) екипировка (20) карта (20) Pamporovo (19) Rila (19) Time (19) health (19) море (19) Bansko (17) лифт (17) resort information (16) eco (15) раница (15) цени (15) язовир (15) Стара Планина (14) връзки (14) деца (14) пътувания (14) хижа (14) Marketing (13) bike (13) Витоша (13) Пирин (13) snow forecast (12) буква С (12) данъци (12) лавини (12) магазини (12) Алеко (11) буква В (11) буква М (11) freeskiing (10) Маршрути (10) буква А (10) ski abroad (9) Пловдив (9) буква Д (9) отбрана (9) празник (9) първа помощ (9) ски чужбина (9) термини (9) map ski area (8) буква Б (8) буква К (8) календар (8) old applications (7) Чепеларе (7) архитектура (7) буква Г (7) буква Н (7) поддръжка на ски (7) сняг (7) футбол (7) буква Е (6) буква Л (6) буква П (6) буква Т (6) видео (6) годишнини (6) град (6) именни дни (6) къщи (6) трафик (6) хидро (6) Rodopy (5) Skype (5) Sofia (5) YouTube (5) vlog (5) буква И (5) буква Х (5) влог (5) кино (5) литература (5) очила (5) село (5) снимка (5) спорт (5) EU projects (4) Ski Bindings (4) boots (4) gsm (4) smart phone (4) Нотариус (4) буква З (4) буква Ф (4) енергетика (4) ски учител (4) слама (4) състезание (4) туризъм (4) упражнения (4) Aleko (3) Maliovitsa (3) Physics (3) Tyrolia (3) brand (3) climb (3) mass (3) sexy (3) shoe size (3) Безбог (3) Мальовица (3) Узана (3) автомобил (3) безопастност (3) буква Ц (3) буква Ш (3) влак (3) времето в момента (3) докторантури (3) недвижими имоти (3) поща (3) пропаганда (3) пълномощно (3) статистика (3) строителство (3) теснолинейка (3) DIN (2) NASA (2) Release Setting (2) Rossignol (2) Vitosha (2) clothes sizes (2) file hosting (2) franchaise (2) relativity (2) replace (2) search (2) БАССЕС (2) Благоевград (2) Добринище (2) Здравец (2) Лале (2) Мусала (2) Осогово (2) Средна гора (2) бедствие (2) буква Ж (2) буква Й (2) буква О (2) буква У (2) буква Ч (2) буква Щ (2) буква Я (2) геометрия (2) гора (2) еко (2) екология (2) електроенергия (2) космос (2) магистрала (2) местност (2) очи (2) парк (2) плакат (2) планиране (2) световно (2) технологии (2) упътвания (2) явление (2) F1 (1) FIS (1) Fieberbrunn (1) Hamlet (1) Hopfgarten (1) Kirchberg (1) Macedonia (1) Norway (1) Reit im Winkl (1) Scheffau (1) Shakespeare (1) Solomon (1) St Johann (1) Söll (1) Tirol (1) Walchsee (1) Zahmer Kaiser (1) apple (1) drone (1) h Pleven (1) hypnosis (1) ibooks (1) ipad (1) iphone (1) ipod (1) mathematic (1) skate (1) tablet (1) telemark (1) trekking (1) Бачево (1) Беклемето (1) Бяла Черква (1) ВЕИ (1) Вежен (1) Ветровал (1) Гела (1) Горна Оряховица (1) Добрила (1) Информация за фирми (1) Камчатка (1) Карлово (1) Картала (1) Кицбюел (1) Ком (1) Копривки (1) Копривщица (1) Леденото езеро (1) Мерцедес (1) Михаел Шумахер (1) Норвегия (1) Офелиите (1) Панагюрище (1) Предела (1) Румъния (1) Русия (1) САЩ (1) Самоков (1) Студенец (1) Формула 1 (1) Църна Могила (1) Черни Връх (1) Япония (1) автомати (1) биатлон (1) био (1) буква Р (1) буква Ъ (1) буква Ь (1) буква Ю (1) великия пост (1) гра (1) градоустройство (1) дрехи (1) дърво (1) запалка (1) култура (1) ландшафт (1) математика (1) мода (1) музей (1) мъдрости (1) олимпиада (1) поддръжка (1) потребители (1) програма (1) реклама (1) синя зона (1) фото (1) х. Дерменка (1) храна (1)