|
292031
|
- |
|
graphite_project
|
graphite
|
The renderLocalView function in render/views.py in graphite-web in Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a …
|
CWE-94
Code Injection
|
CVE-2013-5093
|
2024-11-21 10:57 |
2013-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292032
|
- |
|
wikkawiki
|
wikkawiki
|
Cross-site scripting (XSS) vulnerability in wikka.php in WikkaWiki before 1.3.4-p1 allows remote attackers to inject arbitrary web script or HTML via the wakka parameter to sql/.
|
CWE-79
Cross-site Scripting
|
CVE-2013-5586
|
2024-11-21 10:57 |
2013-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292033
|
- |
|
linux
|
linux_kernel
|
arch/arm/kvm/arm.c in the Linux kernel before 3.10 on the ARM platform, when KVM is used, allows host OS users to cause a denial of service (NULL pointer dereference, OOPS, and host OS crash) or poss…
|
CWE-399
Resource Management Errors
|
CVE-2013-5634
|
2024-11-21 10:57 |
2013-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292034
|
- |
|
ibm
|
rational_clearcase
|
The RemoteClient component in IBM Rational ClearCase 8.0.0.03 through 8.0.0.07, and 8.0.1, uses world-writable permissions for the rcleartool script, which allows local users to gain privileges by ap…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5373
|
2024-11-21 10:57 |
2013-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292035
|
- |
|
open-xchange
|
open-xchange_appsuite
|
The (1) REST and (2) memcache interfaces in the Hazelcast cluster API in Open-Xchange AppSuite 7.0.x before 7.0.2-rev15 and 7.2.x before 7.2.2-rev16 do not require authentication, which allows remote…
|
CWE-287
Improper Authentication
|
CVE-2013-5200
|
2024-11-21 10:57 |
2013-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292036
|
- |
|
good
|
good_for_enterprise
|
Cross-site scripting (XSS) vulnerability in the Good for Enterprise app before 2.2.4.1659 for iOS allows remote attackers to inject arbitrary web script or HTML via an HTML e-mail message.
|
CWE-79
Cross-site Scripting
|
CVE-2013-5118
|
2024-11-21 10:57 |
2013-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292037
|
- |
|
esri
|
arcgis_server
|
The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges.
|
NVD-CWE-noinfo
|
CVE-2013-5221
|
2024-11-21 10:57 |
2013-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292038
|
- |
|
freebsd
|
freebsd
|
The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5710
|
2024-11-21 10:57 |
2013-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292039
|
- |
|
freebsd
|
freebsd
|
The sendfile system-call implementation in sys/kern/uipc_syscalls.c in the kernel in FreeBSD 9.2-RC1 and 9.2-RC2 does not properly pad transmissions, which allows local users to obtain sensitive info…
|
CWE-200
Information Exposure
|
CVE-2013-5666
|
2024-11-21 10:57 |
2013-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292040
|
- |
|
synacor
|
zimbra_collaboration_suite
|
Zimbra Collaboration Suite (ZCS) 6.0.16 and earlier allows man-in-the-middle attackers to obtain access by sniffing the network and replaying the ZM_AUTH_TOKEN token.
|
CWE-287
Improper Authentication
|
CVE-2013-5119
|
2024-11-21 10:57 |
2013-09-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
