|
289811
|
- |
|
redhat
async-http-client_project
|
jboss_fuse
async-http-client
|
Async Http Client (aka AHC or async-http-client) before 1.9.0 skips X.509 certificate verification unless both a keyStore location and a trustStore location are explicitly set, which allows man-in-th…
|
CWE-345
Insufficient Verification of Data Authenticity
|
CVE-2013-7397
|
2024-11-21 11:00 |
2015-06-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289812
|
- |
|
kanaka
|
novnc
|
noVNC before 0.5 does not set the secure flag for a cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http sessi…
|
CWE-310
Cryptographic Issues
|
CVE-2013-7436
|
2024-11-21 11:00 |
2015-04-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289813
|
- |
|
pbm212030_project
|
pbm212030
|
Multiple buffer overflows in pbm212030 allow remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a crafted PBM image, related to (1) stream line data, which t…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-7438
|
2024-11-21 11:00 |
2015-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289814
|
- |
|
icoasoft
|
potrace
|
Multiple integer overflows in potrace 1.11 allow remote attackers to cause a denial of service (crash) via large dimensions in a BMP image, which triggers a buffer overflow.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2013-7437
|
2024-11-21 11:00 |
2015-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289815
|
- |
|
canonical
debian
linux
oracle
|
ubuntu_linux
debian_linux
linux_kernel
linux
|
The Crypto API in the Linux kernel before 3.18.5 allows local users to load arbitrary kernel modules via a bind system call for an AF_ALG socket with a module name in the salg_name field, a different…
|
CWE-269
Improper Privilege Management
|
CVE-2013-7421
|
2024-11-21 11:00 |
2015-03-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289816
|
- |
|
redhat
canonical
opensuse
gnu
|
enterprise_linux_server_aus
ubuntu_linux
opensuse
glibc
|
The send_dg function in resolv/res_send.c in GNU C Library (aka glibc or libc6) before 2.20 does not properly reuse file descriptors, which allows remote attackers to send DNS queries to unintended l…
|
CWE-17
Code
|
CVE-2013-7423
|
2024-11-21 11:00 |
2015-02-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289817
|
- |
|
kde
|
kde_applications
|
kwalletd in KWallet before KDE Applications 14.12.0 uses Blowfish with ECB mode instead of CBC mode when encrypting the password store, which makes it easier for attackers to guess passwords via a co…
|
CWE-310
Cryptographic Issues
|
CVE-2013-7252
|
2024-11-21 11:00 |
2015-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289818
|
- |
|
hancom
|
hancom_office_2010_se
|
Buffer overflow in Hancom Office 2010 SE allows remote attackers to execute arbitrary via a long string in the Text attribute in a TEXTART XML element in an HML file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-7420
|
2024-11-21 11:00 |
2015-01-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289819
|
- |
|
joomlaskin
|
js_multi_hotel
|
Cross-site scripting (XSS) vulnerability in includes/refreshDate.php in the Joomlaskin JS Multi Hotel (aka JS MultiHotel and Js-Multi-Hotel) plugin 2.2.1 for WordPress allows remote attackers to inje…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7419
|
2024-11-21 11:00 |
2015-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289820
|
- |
|
ipcop
|
ipcop
|
cgi-bin/iptablesgui.cgi in IPCop (aka IPCop Firewall) before 2.1.5 allows remote authenticated users to execute arbitrary code via shell metacharacters in the TABLE parameter. NOTE: this can be expl…
|
CWE-77
Command Injection
|
CVE-2013-7418
|
2024-11-21 11:00 |
2015-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
