|
290391
|
- |
|
ucdok
|
tomato
|
The admin API in the tomato module before 0.0.6 for Node.js does not properly check the access key when it is set to a string, which allows remote attackers to bypass authentication via a string in t…
|
CWE-287
Improper Authentication
|
CVE-2013-7379
|
2024-11-21 11:00 |
2014-05-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290392
|
- |
|
openx
|
openx
|
Multiple cross-site request forgery (CSRF) vulnerabilities in OpenX 2.8.10, possibly before revision 82710, allow remote attackers to hijack the authentication of administrators, as demonstrated by r…
|
CWE-352
Origin Validation Error
|
CVE-2013-7376
|
2024-11-21 11:00 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290393
|
- |
|
cristian_gafton
|
pam_userdb
|
The pam_userdb module for Pam uses a case-insensitive method to compare hashed passwords, which makes it easier for attackers to guess the password via a brute force attack.
|
CWE-310
Cryptographic Issues
|
CVE-2013-7041
|
2024-11-21 11:00 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290394
|
- |
|
redhat
opensuse
|
libvirt
opensuse
|
The qemuMigrationWaitForSpice function in qemu/qemu_migration.c in libvirt before 1.1.3 does not properly enter a monitor when performing seamless SPICE migration, which allows local users to cause a…
|
NVD-CWE-Other
|
CVE-2013-7336
|
2024-11-21 11:00 |
2014-05-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290395
|
- |
|
libpng
|
libpng
|
Multiple integer overflows in libpng before 1.5.14rc03 allow remote attackers to cause a denial of service (crash) via a crafted image to the (1) png_set_sPLT or (2) png_set_text_2 function, which tr…
|
CWE-189
Numeric Errors
|
CVE-2013-7354
|
2024-11-21 11:00 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290396
|
- |
|
libpng
|
libpng
|
Integer overflow in the png_set_unknown_chunks function in libpng/pngset.c in libpng before 1.5.14beta08 allows context-dependent attackers to cause a denial of service (segmentation fault and crash)…
|
CWE-189
Numeric Errors
|
CVE-2013-7353
|
2024-11-21 11:00 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290397
|
- |
|
php-fusion
|
php-fusion
|
SQL injection vulnerability in includes/classes/Authenticate.class.php in PHP-Fusion 7.02.01 through 7.02.05 allows remote attackers to execute arbitrary SQL commands via the user ID in a user cookie…
|
CWE-89
SQL Injection
|
CVE-2013-7375
|
2024-11-21 11:00 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290398
|
- |
|
livezilla
|
livezilla
|
The setCookieValue function in _lib/functions.global.inc.php in LiveZilla before 5.1.2.1 allows remote attackers to execute arbitrary PHP code via a serialized PHP object in a cookie.
|
CWE-94
Code Injection
|
CVE-2013-7034
|
2024-11-21 11:00 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290399
|
- |
|
livezilla
|
livezilla
|
Multiple cross-site scripting (XSS) vulnerabilities in LiveZilla before 5.1.2.0 allow remote attackers to inject arbitrary web script or HTML via the (1) full name field, (2) company field, or (3) fi…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7003
|
2024-11-21 11:00 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290400
|
- |
|
plone
|
plone
|
Products/CMFPlone/CatalogTool.py in Plone 3.3 through 4.3.2 allows remote administrators to bypass restrictions and obtain sensitive information via an unspecified search API.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7061
|
2024-11-21 11:00 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
