|
290611
|
- |
|
gwos
|
groundwork_monitor
|
The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3503
|
2024-11-21 10:53 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290612
|
- |
|
gwos
|
groundwork_monitor
|
monarch_scan.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands, and consequently obtain sensitive information, by lev…
|
CWE-255
Credentials Management
|
CVE-2013-3502
|
2024-11-21 10:53 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290613
|
- |
|
gwos
|
groundwork_monitor
|
Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the foundation-weba…
|
CWE-79
Cross-site Scripting
|
CVE-2013-3501
|
2024-11-21 10:53 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290614
|
- |
|
gwos
|
groundwork_monitor
|
The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent attacke…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3500
|
2024-11-21 10:53 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290615
|
- |
|
gwos
|
groundwork_monitor
|
GroundWork Monitor Enterprise 6.7.0 performs authentication on the basis of the HTTP Referer header, which allows remote attackers to obtain administrative privileges or access files via a crafted he…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3499
|
2024-11-21 10:53 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290616
|
- |
|
joomla
|
joomla\!
|
Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified…
|
CWE-79
Cross-site Scripting
|
CVE-2013-3267
|
2024-11-21 10:53 |
2013-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290617
|
- |
|
joomla
|
joomla\!
|
plugins/system/remember/remember.php in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 does not properly handle an object obtained by unserializing a cookie, which allows remote authenticated use…
|
CWE-20
Improper Input Validation
|
CVE-2013-3242
|
2024-11-21 10:53 |
2013-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290618
|
- |
|
freebsd
|
freebsd
|
The nfsrvd_readdir function in sys/fs/nfsserver/nfs_nfsdport.c in the new NFS server in FreeBSD 8.0 through 9.1-RELEASE-p3 does not verify that a READDIR request is for a directory node, which allows…
|
CWE-20
Improper Input Validation
|
CVE-2013-3266
|
2024-11-21 10:53 |
2013-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290619
|
- |
|
vmware
|
vcenter_server_appliance
|
VMware vCenter Server 5.1 before Update 1, when anonymous LDAP binding for Active Directory is enabled, allows remote attackers to bypass authentication by providing a valid username in conjunction w…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3107
|
2024-11-21 10:53 |
2013-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290620
|
- |
|
linux
|
linux_kernel
|
Race condition in the smb_send_rqst function in fs/cifs/transport.c in the Linux kernel before 3.7.2 allows local users to cause a denial of service (NULL pointer dereference and OOPS) or possibly ha…
|
CWE-362
Race Condition
|
CVE-2013-3302
|
2024-11-21 10:53 |
2013-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
