|
290021
|
- |
|
gnu
|
rush
|
GNU Rush 1.7 does not properly drop privileges, which allows local users to read arbitrary files via the --lint option.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6889
|
2024-11-21 10:59 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290022
|
- |
|
jenkins-ci
|
subversion-plugin
|
The Subversion plugin before 1.54 for Jenkins stores credentials using base64 encoding, which allows local users to obtain passwords and SSH private keys by reading a subversion.credentials file.
|
CWE-255
Credentials Management
|
CVE-2013-6372
|
2024-11-21 10:59 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290023
|
- |
|
ibm
|
tririga_application_platform
|
Multiple cross-site scripting (XSS) vulnerabilities in WebProcess.srv in IBM TRIRIGA Application Platform 3.2.x and 3.3.x before 3.3.1.2 allow remote authenticated users to inject arbitrary web scrip…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6726
|
2024-11-21 10:59 |
2014-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290024
|
- |
|
pywbem_project
|
pywbem
|
PyWBEM 0.7 and earlier does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middl…
|
CWE-20
Improper Input Validation
|
CVE-2013-6444
|
2024-11-21 10:59 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290025
|
- |
|
pywbem_project
|
pywbem
|
PyWBEM 0.7 and earlier uses a separate connection to validate X.509 certificates, which allows man-in-the-middle attackers to spoof a peer via an arbitrary certificate.
|
CWE-20
Improper Input Validation
|
CVE-2013-6418
|
2024-11-21 10:59 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290026
|
- |
|
ibm
|
websphere_virtual_enterprise
websphere_application_server
|
Cross-site scripting (XSS) vulnerability in the Administration Console in IBM WebSphere Application Server (WAS) 7.x before 7.0.0.33, 8.x before 8.0.0.9, and 8.5.x before 8.5.5.2, and WebSphere Virtu…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6323
|
2024-11-21 10:59 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290027
|
- |
|
redhat
|
enterprise_mrg
|
Cumin (aka MRG Management Console), as used in Red Hat Enterprise MRG 2.5, uses the DES-based crypt function to hash passwords, which makes it easier for attackers to obtain sensitive information via…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6445
|
2024-11-21 10:59 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290028
|
- |
|
uclouvain
|
openjpeg
|
OpenJPEG 1.5.1 allows remote attackers to cause a denial of service via unspecified vectors that trigger NULL pointer dereferences, division-by-zero, and other errors.
|
CWE-20
Improper Input Validation
|
CVE-2013-6887
|
2024-11-21 10:59 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290029
|
- |
|
ibm
|
smartcloud_analytics_log_analysis
|
Cross-site scripting (XSS) vulnerability in IBM SmartCloud Analytics Log Analysis 1.1 and 1.2 before 1.2.0.0-CSI-SCALA-IF0003 allows remote attackers to inject arbitrary web script or HTML via an inv…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6738
|
2024-11-21 10:59 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290030
|
- |
|
redhat
|
jboss_fuse_service_works
jboss_overlord_run_time_governance
|
JBoss Overlord Run Time Governance (RTGov) 1.0 for JBossAS allows remote authenticated users to execute arbitrary Java code via an MVFLEX Expression Language (MVEL) expression. NOTE: some of these d…
|
CWE-94
Code Injection
|
CVE-2013-6469
|
2024-11-21 10:59 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
