|
290381
|
- |
|
batavi
|
batavi
|
Cross-site scripting (XSS) vulnerability in admin/templates/default.php in Batavi 1.2.2 allows remote attackers to inject arbitrary web script or HTML via the QUERY_STRING to admin/index.php.
|
CWE-79
Cross-site Scripting
|
CVE-2013-2289
|
2024-11-21 10:51 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290382
|
- |
|
airvana
sprint
|
hubbub_c1-600-rt
airave_software
airave
|
Cross-site scripting (XSS) vulnerability in the administration page in Airvana HubBub C1-600-RT and Sprint AIRAVE 2.5 allows remote attackers to inject arbitrary web script or HTML via unspecified ve…
|
CWE-79
Cross-site Scripting
|
CVE-2013-2270
|
2024-11-21 10:51 |
2014-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290383
|
- |
|
simplehrm
|
simplehrm
|
SQL injection vulnerability in the login page in flexycms/modules/user/user_manager.php in SimpleHRM 2.3, 2.2, and earlier allows remote attackers to execute arbitrary SQL commands via the username p…
|
CWE-89
SQL Injection
|
CVE-2013-2498
|
2024-11-21 10:51 |
2014-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290384
|
- |
|
nagios
|
nagios
|
status.cgi in Nagios 4.0 before 4.0 beta4 and 3.x before 3.5.1 does not properly restrict access to certain users that are a contact for a service, which allows remote authenticated users to obtain s…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2214
|
2024-11-21 10:51 |
2014-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290385
|
- |
|
python_bugzilla_project
fedoraproject
opensuse
|
python-bugzilla
fedora
opensuse
|
python-bugzilla before 0.9.0 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof Bugzilla servers via a crafted certificate.
|
CWE-20
Improper Input Validation
|
CVE-2013-2191
|
2024-11-21 10:51 |
2014-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290386
|
- |
|
apache
|
hadoop
|
The RPC protocol implementation in Apache Hadoop 2.x before 2.0.6-alpha, 0.23.x before 0.23.9, and 1.x before 1.2.1, when the Kerberos security features are enabled, allows man-in-the-middle attacker…
|
CWE-287
Improper Authentication
|
CVE-2013-2192
|
2024-11-21 10:51 |
2014-01-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290387
|
- |
|
redhat
|
enterprise_virtualization
|
Unquoted Windows search path vulnerability in the SPICE service, as used in Red Hat Enterprise Virtualization (RHEV) 3.2, allows local users to gain privileges via a crafted application in an unspeci…
|
NVD-CWE-Other
|
CVE-2013-2152
|
2024-11-21 10:51 |
2014-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290388
|
- |
|
redhat
|
enterprise_virtualization
|
Unquoted Windows search path vulnerability in Red Hat Enterprise Virtualization (RHEV) 3 and 3.2 allows local users to gain privileges via a crafted application in an unspecified folder.
|
NVD-CWE-Other
|
CVE-2013-2151
|
2024-11-21 10:51 |
2014-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290389
|
- |
|
openstack
|
python-keystoneclient
|
python-keystoneclient before 0.2.4, as used in OpenStack Keystone (Folsom), does not properly check expiry for PKI tokens, which allows remote authenticated users to (1) retain use of a token after i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2104
|
2024-11-21 10:51 |
2014-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290390
|
- |
|
libimobiledevice
|
libimobiledevice
|
userpref.c in libimobiledevice 1.1.4, when $HOME and $XDG_CONFIG_HOME are not set, allows local users to overwrite arbitrary files via a symlink attack on (1) HostCertificate.pem, (2) HostPrivateKey.…
|
CWE-59
Link Following
|
CVE-2013-2142
|
2024-11-21 10:51 |
2014-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
