|
290371
|
- |
|
bestpractical
|
rt
|
Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive informat…
|
NVD-CWE-noinfo
|
CVE-2013-3374
|
2024-11-21 10:53 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290372
|
- |
|
bestpractical
|
rt
|
CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v…
|
CWE-94
Code Injection
|
CVE-2013-3373
|
2024-11-21 10:53 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290373
|
- |
|
bestpractical
|
rt
|
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject multiple Content-Disposition HTTP headers and possibly conduct cross-site scripting (XSS) attacks vi…
|
CWE-79
Cross-site Scripting
|
CVE-2013-3372
|
2024-11-21 10:53 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290374
|
- |
|
bestpractical
|
rt
|
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an att…
|
CWE-79
Cross-site Scripting
|
CVE-2013-3371
|
2024-11-21 10:53 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290375
|
- |
|
bestpractical
|
rt
|
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a di…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3370
|
2024-11-21 10:53 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290376
|
- |
|
bestpractical
|
rt
|
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote authenticated users with the permissions to view the administration pages to execute arbitrary private components via un…
|
NVD-CWE-noinfo
|
CVE-2013-3369
|
2024-11-21 10:53 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290377
|
- |
|
bestpractical
|
rt
|
bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.
|
CWE-59
Link Following
|
CVE-2013-3368
|
2024-11-21 10:53 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290378
|
- |
|
cisco
|
unified_communications_manager
unified_presence
|
Memory leak in Cisco Unified Communications Manager IM and Presence Service before 8.6(5)SU1 and 9.x before 9.1(2), and Cisco Unified Presence, allows remote attackers to cause a denial of service (m…
|
CWE-399
Resource Management Errors
|
CVE-2013-3453
|
2024-11-21 10:53 |
2013-08-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290379
|
- |
|
puppetlabs
puppet
canonical
novell
|
puppet
ubuntu_linux
suse_linux_enterprise_server
suse_linux_enterprise_desktop
puppet_enterprise
|
Puppet 2.7.x before 2.7.22 and 3.2.x before 3.2.2, and Puppet Enterprise before 2.8.2, deserializes untrusted YAML, which allows remote attackers to instantiate arbitrary Ruby classes and execute arb…
|
CWE-20
Improper Input Validation
|
CVE-2013-3567
|
2024-11-21 10:53 |
2013-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290380
|
- |
|
sap
|
netweaver
|
The GetComputerSystem method in the HostControl service in SAP Netweaver 7.03 allows remote attackers to obtain sensitive information via a crafted SOAP request to TCP port 1128.
|
CWE-200
Information Exposure
|
CVE-2013-3319
|
2024-11-21 10:53 |
2013-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
