|
291271
|
- |
|
alienvault
|
open_source_security_information_management
|
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from par…
|
CWE-89
SQL Injection
|
CVE-2013-5967
|
2024-11-21 10:58 |
2013-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291272
|
- |
|
djangoproject
|
django
|
The is_safe_url function in utils/http.py in Django 1.4.x before 1.4.6, 1.5.x before 1.5.2, and 1.6 before beta 2 treats a URL's scheme as safe even if it is not HTTP or HTTPS, which might introduce …
|
CWE-79
Cross-site Scripting
|
CVE-2013-6044
|
2024-11-21 10:58 |
2013-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291273
|
- |
|
citrix
|
netscaler_application_delivery_controller_firmware
netscaler_application_delivery_controller
|
Citrix NetScaler Application Delivery Controller (ADC) 10.0 before 10.0-76.7 allows remote attackers to cause a denial of service (nsconfigd crash and appliance reboot) via a crafted request.
|
CWE-20
Improper Input Validation
|
CVE-2013-6011
|
2024-11-21 10:58 |
2013-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291274
|
- |
|
polarssl
|
polarssl
|
The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA pr…
|
CWE-310
Cryptographic Issues
|
CVE-2013-5915
|
2024-11-21 10:58 |
2013-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291275
|
- |
|
wearegumball
|
comment-attachment
|
Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title."
|
CWE-79
Cross-site Scripting
|
CVE-2013-6010
|
2024-11-21 10:58 |
2013-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291276
|
- |
|
open-xchange
|
open-xchange_appsuite
|
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting …
|
CWE-94
Code Injection
|
CVE-2013-6009
|
2024-11-21 10:58 |
2013-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291277
|
- |
|
siemens
|
scalance_x-200_series_firmware
scalance_x-200
scalance_x-200irt
|
The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which a…
|
CWE-287
Improper Authentication
|
CVE-2013-5944
|
2024-11-21 10:58 |
2013-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291278
|
- |
|
springsignage
|
xibo
|
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
|
CWE-22
Path Traversal
|
CVE-2013-5979
|
2024-11-21 10:58 |
2013-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291279
|
- |
|
f5
|
big-ip_access_policy_manager
|
Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5976
|
2024-11-21 10:58 |
2013-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291280
|
- |
|
f5
|
big-ip_access_policy_manager
|
The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5975
|
2024-11-21 10:58 |
2013-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
