|
290101
|
- |
|
apache
|
libcloud
|
Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.
|
CWE-200
Information Exposure
|
CVE-2013-6480
|
2024-11-21 10:59 |
2014-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290102
|
- |
|
openstack
|
havana
|
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive…
|
CWE-200
Information Exposure
|
CVE-2013-6419
|
2024-11-21 10:59 |
2014-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290103
|
- |
|
devscripts_devel_team
|
devscripts
|
Uscan in devscripts before 2.13.9 allows remote attackers to execute arbitrary code via a crafted tarball.
|
NVD-CWE-noinfo
|
CVE-2013-6888
|
2024-11-21 10:59 |
2014-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290104
|
- |
|
cru-inc
|
ditto_forensic_fieldstation_firmware
ditto_forensic_fieldstation
|
The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.
|
CWE-255
Credentials Management
|
CVE-2013-6884
|
2024-11-21 10:59 |
2014-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290105
|
- |
|
cru-inc
|
ditto_forensic_fieldstation_firmware
ditto_forensic_fieldstation
|
CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the …
|
CWE-78
OS Command
|
CVE-2013-6881
|
2024-11-21 10:59 |
2014-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290106
|
- |
|
hp
|
linux_imaging_and_printing_project
|
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
|
CWE-59
Link Following
|
CVE-2013-6402
|
2024-11-21 10:59 |
2014-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290107
|
- |
|
openssl
|
openssl
|
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-t…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6450
|
2024-11-21 10:59 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290108
|
- |
|
mislav_marohnic
|
will_paginate
|
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6459
|
2024-11-21 10:59 |
2014-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290109
|
- |
|
irfanview
|
irfanview
|
Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly han…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-6932
|
2024-11-21 10:59 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290110
|
- |
|
cybozu
|
garoon
|
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input.
|
CWE-89
SQL Injection
|
CVE-2013-6929
|
2024-11-21 10:59 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
