|
291071
|
- |
|
cru-inc
|
ditto_forensic_fieldstation_firmware
ditto_forensic_fieldstation
|
The write-blocker in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a has a default "ditto" username and password, which allows remote attackers to gain privileges.
|
CWE-255
Credentials Management
|
CVE-2013-6884
|
2024-11-21 10:59 |
2014-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291072
|
- |
|
cru-inc
|
ditto_forensic_fieldstation_firmware
ditto_forensic_fieldstation
|
CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) sector size or (2) skip count fields for the …
|
CWE-78
OS Command
|
CVE-2013-6881
|
2024-11-21 10:59 |
2014-01-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291073
|
- |
|
hp
|
linux_imaging_and_printing_project
|
base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.11 allows local users to overwrite arbitrary files via a symlink attack on the /tmp/hp-pkservice.log temporary file.
|
CWE-59
Link Following
|
CVE-2013-6402
|
2024-11-21 10:59 |
2014-01-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291074
|
- |
|
openssl
|
openssl
|
The DTLS retransmission implementation in OpenSSL 1.0.0 before 1.0.0l and 1.0.1 before 1.0.1f does not properly maintain data structures for digest and encryption contexts, which might allow man-in-t…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6450
|
2024-11-21 10:59 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291075
|
- |
|
mislav_marohnic
|
will_paginate
|
Cross-site scripting (XSS) vulnerability in the will_paginate gem before 3.0.5 for Ruby allows remote attackers to inject arbitrary web script or HTML via vectors involving generated pagination links.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6459
|
2024-11-21 10:59 |
2014-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291076
|
- |
|
irfanview
|
irfanview
|
Buffer overflow in IrfanView before 4.37, when a multibyte-character directory name is used, allows user-assisted remote attackers to execute arbitrary code via a crafted file that is incorrectly han…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-6932
|
2024-11-21 10:59 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291077
|
- |
|
cybozu
|
garoon
|
SQL injection vulnerability in Cybozu Garoon 3.7 SP2 and earlier allows remote authenticated users to execute arbitrary SQL commands via crafted API input.
|
CWE-89
SQL Injection
|
CVE-2013-6929
|
2024-11-21 10:59 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291078
|
- |
|
realvnc
|
realvnc
|
RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6886
|
2024-11-21 10:59 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291079
|
- |
|
nextdc
|
onedc
|
The ONEDC app before 1.7 for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6812
|
2024-11-21 10:59 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291080
|
- |
|
zend
|
zendto
|
Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6808
|
2024-11-21 10:59 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
