|
297571
|
- |
|
bundler
opensuse
fedoraproject
|
bundler
opensuse
fedora
|
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
|
CWE-20
Improper Input Validation
|
CVE-2013-0334
|
2024-11-21 10:47 |
2014-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297572
|
- |
|
corosync
|
corosync
|
The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted…
|
NVD-CWE-Other
|
CVE-2013-0250
|
2024-11-21 10:47 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297573
|
- |
|
owncloud
|
owncloud
|
ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0304
|
2024-11-21 10:47 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297574
|
- |
|
owncloud
|
owncloud
|
Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE…
|
NVD-CWE-noinfo
|
CVE-2013-0302
|
2024-11-21 10:47 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297575
|
- |
|
owncloud
|
owncloud
|
settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.
|
CWE-94
Code Injection
|
CVE-2013-0204
|
2024-11-21 10:47 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297576
|
- |
|
lucas_clemente_vella
|
libpam-pgsql
|
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password.
|
CWE-287
Improper Authentication
|
CVE-2013-0191
|
2024-11-21 10:47 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297577
|
- |
|
redhat
|
freeipa
|
The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0199
|
2024-11-21 10:47 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297578
|
- |
|
isync_project
|
isync
|
Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd…
|
CWE-310
Cryptographic Issues
|
CVE-2013-0289
|
2024-11-21 10:47 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297579
|
- |
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2013-0197
|
2024-11-21 10:47 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297580
|
- |
|
varnish_cache_project
|
varnish_cache
|
varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. N…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0345
|
2024-11-21 10:47 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
