|
290161
|
- |
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the descri…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6387
|
2024-11-21 10:59 |
2013-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290162
|
- |
|
rackspace
|
openstack_windows_guest_agent
|
The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which trig…
|
CWE-94
Code Injection
|
CVE-2013-6795
|
2024-11-21 10:59 |
2013-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290163
|
- |
|
owncloud
|
owncloud
|
The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6403
|
2024-11-21 10:59 |
2013-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290164
|
- |
|
debian
fedoraproject
phil_schwartz
|
debian_linux
fedora
denyhosts
|
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login n…
|
CWE-287
Improper Authentication
|
CVE-2013-6890
|
2024-11-21 10:59 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290165
|
- |
|
openssl
|
openssl
|
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6449
|
2024-11-21 10:59 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290166
|
- |
|
redhat
|
subscription_asset_manager
|
Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vector…
|
CWE-287
Improper Authentication
|
CVE-2013-6439
|
2024-11-21 10:59 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290167
|
- |
|
debian
canonical
haxx
|
debian_linux
ubuntu_linux
libcurl
|
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fie…
|
CWE-20
Improper Input Validation
|
CVE-2013-6422
|
2024-11-21 10:59 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290168
|
- |
|
ibm
|
security_access_manager_for_enterprise_single_sign-on
|
Cross-site scripting (XSS) vulnerability in the IMS server before Ifix 6 in IBM Security Access Manager for Enterprise Single Sign-On (ISAM ESSO) 8.2 allows remote authenticated users to inject arbit…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6745
|
2024-11-21 10:59 |
2013-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290169
|
- |
|
ibm
|
websphere_portal
|
IBM WebSphere Portal 6.0.0.x through 6.0.0.1, 6.0.1.x through 6.0.1.7, 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF26, and 8.0.0.x through 8.0.0.1 CF08 allow…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6735
|
2024-11-21 10:59 |
2013-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290170
|
- |
|
ibm
|
websphere_portal
|
IBM WebSphere Portal 8.0.0.1 before CF09 does not properly handle references in compute="always" Web Content Manager (WCM) navigator components, which allows remote attackers to obtain sensitive comp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6723
|
2024-11-21 10:59 |
2013-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
