|
290041
|
- |
|
mediawiki
brion_vibber
|
mediawiki
centralauth_extension
|
The CentralAuth extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 caches a valid CentralAuthUser object in the centralauth_User cookie even when a user has …
|
CWE-287
Improper Authentication
|
CVE-2013-4304
|
2024-11-21 10:55 |
2014-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290042
|
- |
|
plone
|
plone
|
The isURLInPortal method in the URLTool class in in_portal.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 treats URLs starting with a space as a relative URL, which allows …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4200
|
2024-11-21 10:55 |
2014-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290043
|
- |
|
qemu
xen
|
qemu
xen
|
The qdisk PV disk backend in qemu-xen in Xen 4.2.x and 4.3.x before 4.3.1, and qemu 1.1 and other versions, allows local HVM guests to cause a denial of service (domain grant reference consumption) v…
|
CWE-399
Resource Management Errors
|
CVE-2013-4375
|
2024-11-21 10:55 |
2014-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290044
|
- |
|
libtiff
|
libtiff
|
Multiple buffer overflows in libtiff before 4.0.3 allow remote attackers to cause a denial of service (out-of-bounds write) via a crafted (1) extension block in a GIF image or (2) GIF raster image to…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4231
|
2024-11-21 10:55 |
2014-01-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290045
|
- |
|
apache
|
santuario_xml_security_for_java
|
Apache Santuario XML Security for Java before 1.5.6, when applying Transforms, allows remote attackers to cause a denial of service (memory consumption) via crafted Document Type Definitions (DTDs), …
|
CWE-399
Resource Management Errors
|
CVE-2013-4517
|
2024-11-21 10:55 |
2014-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290046
|
- |
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in account_sponsor_page.php in MantisBT 1.0.0 through 1.2.15 allows remote authenticated users to inject arbitrary web script or HTML via a project name.
|
CWE-79
Cross-site Scripting
|
CVE-2013-4460
|
2024-11-21 10:55 |
2014-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290047
|
- |
|
openssl
|
openssl
|
The ssl3_take_mac function in ssl/s3_both.c in OpenSSL 1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of service (NULL pointer dereference and application crash) via a crafted Next P…
|
CWE-20
Improper Input Validation
|
CVE-2013-4353
|
2024-11-21 10:55 |
2014-01-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290048
|
- |
|
libreswan
|
libreswan
|
Libreswan 3.6 allows remote attackers to cause a denial of service (crash) via a small length value and (1) no version or (2) an invalid major number in an IKE packet.
|
CWE-189
Numeric Errors
|
CVE-2013-4564
|
2024-11-21 10:55 |
2014-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290049
|
- |
|
xen
|
xen
|
Xen 3.0.3 through 4.1.x (possibly 4.1.6.1), 4.2.x (possibly 4.2.3), and 4.3.x (possibly 4.3.1) does not properly prevent access to hypercalls, which allows local guest users to gain privileges via a …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4554
|
2024-11-21 10:55 |
2013-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290050
|
- |
|
xen
|
xen
|
The XEN_DOMCTL_getmemlist hypercall in Xen 3.4.x through 4.3.x (possibly 4.3.1) does not always obtain the page_alloc_lock and mm_rwlock in the same order, which allows local guest administrators to …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4553
|
2024-11-21 10:55 |
2013-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
