|
290561
|
- |
|
cobham
|
aviator_300
sailor_fleetbroadband_150
sailor_900_vsat
aviator_350
sailor_fleetbroadband_250
explorer_bgan
aviator_200
sailor_fleetbroadband_500
aviator_700d
|
Cobham SAILOR 900 VSAT; SAILOR FleetBroadBand 150, 250, and 500; EXPLORER BGAN; and AVIATOR 200, 300, 350, and 700D devices do not properly restrict password recovery, which allows attackers to obtai…
|
NVD-CWE-Other
|
CVE-2013-7180
|
2024-11-21 11:00 |
2014-08-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290562
|
- |
|
zoll
|
monitor\/defibrillator
|
ZOLL Defibrillator / Monitor X Series has a default (1) supervisor password and (2) service password, which allows physically proximate attackers to modify device configuration and cause a denial of …
|
CWE-255
Credentials Management
|
CVE-2013-7395
|
2024-11-21 11:00 |
2014-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290563
|
- |
|
splunk
|
splunk
|
The "runshellscript echo.sh" script in Splunk before 5.0.5 allows remote authenticated users to execute arbitrary commands via a crafted string. NOTE: this issue was SPLIT from CVE-2013-6771 per ADT…
|
CWE-94
Code Injection
|
CVE-2013-7394
|
2024-11-21 11:00 |
2014-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290564
|
- |
|
apache
|
subversion
|
The daemonize.py module in Subversion 1.8.0 before 1.8.2 allows local users to gain privileges via a symlink attack on the pid file created for (1) svnwcsub.py or (2) irkerbridge.py when the --pidfil…
|
CWE-59
Link Following
|
CVE-2013-7393
|
2024-11-21 11:00 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290565
|
- |
|
gitlist
|
gitlist
|
Gitlist allows remote attackers to execute arbitrary commands via shell metacharacters in a file name to Source/.
|
NVD-CWE-Other
|
CVE-2013-7392
|
2024-11-21 11:00 |
2014-07-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290566
|
- |
|
entity_api_project
|
entity_api
|
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal, when using the (a) Views field or (b) area plugins, allows remote attackers to read restricted entities via the (1) field, (2) header, or (3) …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7391
|
2024-11-21 11:00 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290567
|
- |
|
dlink
|
dir-645_firmware
dir-645
|
Multiple cross-site scripting (XSS) vulnerabilities in D-Link DIR-645 Router (Rev. A1) with firmware before 1.04B11 allow remote attackers to inject arbitrary web script or HTML via the (1) deviceid …
|
CWE-79
Cross-site Scripting
|
CVE-2013-7389
|
2024-11-21 11:00 |
2014-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290568
|
- |
|
google
trimble
|
sketchup
|
Heap-based buffer overflow in paintlib, as used in Trimble SketchUp (formerly Google SketchUp) before 2013 (13.0.3689), allows remote attackers to execute arbitrary code via a crafted RLE4-compressed…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-7388
|
2024-11-21 11:00 |
2014-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290569
|
- |
|
vinay_sajip
|
python-gnupg
|
python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
|
NVD-CWE-Other
|
CVE-2013-7323
|
2024-11-21 11:00 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290570
|
- |
|
dleviet
|
datalife_engine
|
Session fixation vulnerability in DataLife Engine (DLE) 9.7 and earlier allows remote attackers to hijack web sessions via the PHPSESSID cookie.
|
NVD-CWE-Other
|
CVE-2013-7387
|
2024-11-21 11:00 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
