|
291781
|
- |
|
moodle
|
moodle
|
lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain …
|
CWE-200
Information Exposure
|
CVE-2013-4522
|
2024-11-21 10:55 |
2013-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291782
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject ar…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4573
|
2024-11-21 10:55 |
2013-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291783
|
- |
|
ibus_project
opensuse
|
ibus
opensuse
|
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allo…
|
CWE-255
Credentials Management
|
CVE-2013-4509
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291784
|
- |
|
ruby-lang
|
ruby
|
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial o…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4164
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291785
|
- |
|
f5
opensuse
suse
|
nginx
opensuse
studio_onsite
webyast
lifecycle_management_server
|
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2013-4547
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291786
|
- |
|
robert_ancell
canonical
|
lightdm
ubuntu_linux
|
LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4459
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291787
|
- |
|
http-body_project
|
http-body
|
HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, whic…
|
NVD-CWE-noinfo
|
CVE-2013-4407
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291788
|
- |
|
openstack
|
image_registry_and_delivery_service_\(glance\)
|
The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.
|
CWE-20
Improper Input Validation
|
CVE-2013-4354
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291789
|
- |
|
ffmpeg
|
ffmpeg
|
The av_reallocp_array function in libavutil/mem.c in FFmpeg before 2.0.1 has an unspecified impact and remote vectors related to a "wrong return code" and a resultant NULL pointer dereference.
|
NVD-CWE-Other
|
CVE-2013-4265
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291790
|
- |
|
ffmpeg
|
ffmpeg
|
The kempf_decode_tile function in libavcodec/g2meet.c in FFmpeg before 2.0.1 allows remote attackers to cause a denial of service (out-of-bounds heap write) via a G2M4 encoded file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4264
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
