|
291951
|
- |
|
realnetworks
|
realplayer
realplayer_sp
|
RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealM…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4974
|
2024-11-21 10:56 |
2013-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291952
|
- |
|
realnetworks
|
realplayer
realplayer_sp
|
Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4973
|
2024-11-21 10:56 |
2013-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291953
|
- |
|
janrain
|
php-openid
|
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consum…
|
NVD-CWE-noinfo
|
CVE-2013-4701
|
2024-11-21 10:56 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291954
|
- |
|
yahoo
|
japan_shopping
|
The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive i…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4700
|
2024-11-21 10:56 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291955
|
- |
|
yahoo
|
yafuoku\!
|
The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4699
|
2024-11-21 10:56 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291956
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the l…
|
CWE-255
Credentials Management
|
CVE-2013-4967
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291957
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmiss…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4964
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291958
|
- |
|
puppet
|
puppet_enterprise
|
The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended …
|
CWE-255
Credentials Management
|
CVE-2013-4962
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291959
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.
|
CWE-200
Information Exposure
|
CVE-2013-4961
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291960
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host na…
|
CWE-200
Information Exposure
|
CVE-2013-4959
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
