|
290721
|
3.1 |
LOW
Network
|
cloudera
|
cdh
|
The JobHistory Server in Cloudera CDH 4.x before 4.6.0 and 5.x before 5.0.0 Beta 2, when using MRv2/YARN with HTTP authentication, allows remote authenticated users to obtain sensitive job informatio…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6446
|
2024-11-21 10:59 |
2017-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290722
|
- |
|
php
suse
|
php
linux_enterprise_server
|
The default soap.wsdl_cache_dir setting in (1) php.ini-production and (2) php.ini-development in PHP through 5.6.7 specifies the /tmp directory, which makes it easier for local users to conduct WSDL …
|
CWE-74
Injection
|
CVE-2013-6501
|
2024-11-21 10:59 |
2015-03-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290723
|
- |
|
websvn
debian
|
websvn
debian_linux
|
WebSVN 2.3.3 allows remote authenticated users to read arbitrary files via a symlink attack in a commit.
|
CWE-200
Information Exposure
|
CVE-2013-6892
|
2024-11-21 10:59 |
2015-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290724
|
- |
|
phpthumb_project
|
phpthumb
|
The default configuration of phpThumb before 1.7.12 has a false value for the disable_debug option, which allows remote attackers to conduct Server-Side Request Forgery (SSRF) attacks via the src par…
|
NVD-CWE-Other
|
CVE-2013-6919
|
2024-11-21 10:59 |
2014-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290725
|
- |
|
rpm
debian
|
rpm
debian_linux
|
Race condition in RPM 4.11.1 and earlier allows remote attackers to execute arbitrary code via a crafted RPM file whose installation extracts the contents to temporary files before validating the sig…
|
CWE-74
Injection
|
CVE-2013-6435
|
2024-11-21 10:59 |
2014-12-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290726
|
- |
|
fedup_project
|
fedup
|
fedup 0.9.0 in Fedora 19, 20, and 21 uses a temporary directory with a static name for its download cache, which allows local users to cause a denial of service (prevention of system updates).
|
CWE-17
Code
|
CVE-2013-6494
|
2024-11-21 10:59 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290727
|
- |
|
clamav
|
clamav
|
clamscan in ClamAV before 0.98.5, when using -a option, allows remote attackers to cause a denial of service (crash) as demonstrated by the jwplayer.js file.
|
CWE-17
Code
|
CVE-2013-6497
|
2024-11-21 10:59 |
2014-12-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290728
|
- |
|
qemu
|
qemu
|
Array index error in the virtio_load function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary code via a crafted savevm image.
|
CWE-94
Code Injection
|
CVE-2013-6399
|
2024-11-21 10:59 |
2014-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290729
|
- |
|
deeproot_linux
|
deepofix
|
The SMTP server in DeepOfix 3.3 and earlier allows remote attackers to bypass authentication via an empty password, which triggers an LDAP anonymous bind.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6796
|
2024-11-21 10:59 |
2014-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290730
|
- |
|
redhat
|
conga
|
Red Hat Conga 0.12.2 allows remote attackers to obtain sensitive information via a crafted request to the (1) homebase, (2) cluster, (3) storage, (4) portal_skins/custom, or (5) logs Luci extension.
|
CWE-200
Information Exposure
|
CVE-2013-6496
|
2024-11-21 10:59 |
2014-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
