|
290751
|
- |
|
freedesktop
|
poppler
|
The openTempFile function in goo/gfile.cc in Xpdf and Poppler 0.24.3 and earlier, when running on a system other than Unix, allows local users to overwrite arbitrary files via a symlink attack on tem…
|
CWE-59
Link Following
|
CVE-2013-4472
|
2024-11-21 10:55 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290752
|
- |
|
imapsync_project
|
imapsync
|
imapsync 1.564 and earlier performs a release check by default, which sends sensitive information (imapsync, operating system, and Perl version) to the developer's site.
|
CWE-200
Information Exposure
|
CVE-2013-4279
|
2024-11-21 10:55 |
2014-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290753
|
- |
|
uclouvain
|
openjpeg
|
Stack-based buffer overflow in OpenJPEG before 1.5.2 allows remote attackers to have unspecified impact via unknown vectors to (1) lib/openjp3d/opj_jp3d_compress.c, (2) bin/jp3d/convert.c, or (3) lib…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4290
|
2024-11-21 10:55 |
2014-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290754
|
- |
|
uclouvain
|
openjpeg
|
Multiple integer overflows in lib/openjp3d/jp3d.c in OpenJPEG before 1.5.2 allow remote attackers to have unspecified impact and vectors, which trigger a heap-based buffer overflow.
|
CWE-189
Numeric Errors
|
CVE-2013-4289
|
2024-11-21 10:55 |
2014-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290755
|
- |
|
hitmyserver
|
hms_testimonials
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to hijack the authentication of administrators for request…
|
CWE-352
Origin Validation Error
|
CVE-2013-4240
|
2024-11-21 10:55 |
2014-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290756
|
- |
|
samba
canonical
|
samba
ubuntu_linux
|
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obta…
|
CWE-255
Credentials Management
|
CVE-2013-4496
|
2024-11-21 10:55 |
2014-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290757
|
- |
|
vicidial
|
vicidial
|
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQ…
|
CWE-89
SQL Injection
|
CVE-2013-4467
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290758
|
- |
|
php
|
xhprof
|
Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the run parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2013-4433
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290759
|
- |
|
schneems
|
wicked
|
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot sl…
|
CWE-22
Path Traversal
|
CVE-2013-4413
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290760
|
- |
|
plone
|
plone
|
mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password emai…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4198
|
2024-11-21 10:55 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
