|
290691
|
- |
|
apache
|
rave
|
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demon…
|
CWE-200
Information Exposure
|
CVE-2013-1814
|
2024-11-21 10:50 |
2013-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290692
|
- |
|
indusoft
advantech
|
web_studio
advantech_studio
|
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in…
|
CWE-22
Path Traversal
|
CVE-2013-1627
|
2024-11-21 10:50 |
2013-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290693
|
- |
|
stunnel
|
stunnel
|
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary…
|
CWE-94
Code Injection
|
CVE-2013-1762
|
2024-11-21 10:50 |
2013-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290694
|
- |
|
spreecommerce
|
spree
|
Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/con…
|
CWE-20
Improper Input Validation
|
CVE-2013-1656
|
2024-11-21 10:50 |
2013-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290695
|
- |
|
linux
|
linux_kernel
|
The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and sy…
|
CWE-20
Improper Input Validation
|
CVE-2013-1819
|
2024-11-21 10:50 |
2013-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290696
|
- |
|
php
|
php
|
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an …
|
CWE-200
Information Exposure
|
CVE-2013-1643
|
2024-11-21 10:50 |
2013-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290697
|
- |
|
php
|
php
|
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1635
|
2024-11-21 10:50 |
2013-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290698
|
- |
|
todd_miller
apple
|
sudo
mac_os_x
|
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1775
|
2024-11-21 10:50 |
2013-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290699
|
- |
|
linux
redhat
|
linux_kernel
enterprise_linux
enterprise_mrg
|
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /de…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1774
|
2024-11-21 10:50 |
2013-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290700
|
- |
|
linux
redhat
|
linux_kernel
enterprise_linux
enterprise_mrg
|
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-1773
|
2024-11-21 10:50 |
2013-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
