|
297331
|
8.8 |
HIGH
Network
|
fileutils_project
|
fileutils
|
Vulnerability in FileUtils v0.7, Ruby Gem Fileutils <= v0.7 Command Injection vulnerability in user supplied url variable that is passed to the shell.
|
CWE-77
Command Injection
|
CVE-2013-2516
|
2024-11-21 10:51 |
2019-02-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297332
|
7.4 |
HIGH
Network
|
redhat
|
ansible
|
Ansible before 1.2.1 makes it easier for remote attackers to conduct man-in-the-middle attacks by leveraging failure to cache SSH host keys.
|
CWE-320
Key Management Errors
|
CVE-2013-2233
|
2024-11-21 10:51 |
2018-05-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297333
|
- |
|
sixapart
|
movable_type
|
Movable Type before 5.2.6 does not properly use the Storable::thaw function, which allows remote attackers to execute arbitrary code via the comment_state parameter.
|
CWE-17
Code
|
CVE-2013-2184
|
2024-11-21 10:51 |
2015-03-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297334
|
- |
|
rrdtool_project
|
rrdtool
|
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdt…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2013-2131
|
2024-11-21 10:51 |
2015-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297335
|
- |
|
gentoo
|
portage
|
The urlopen function in pym/portage/util/_urlopen.py in Gentoo Portage 2.1.12, when using HTTPS, does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof…
|
CWE-310
Cryptographic Issues
|
CVE-2013-2100
|
2024-11-21 10:51 |
2014-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297336
|
- |
|
monkey-project
|
monkey
|
The Mandril security plugin in Monkey HTTP Daemon (monkeyd) before 1.5.0 allows remote attackers to bypass access restrictions via a crafted URI, as demonstrated by an encoded forward slash.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2182
|
2024-11-21 10:51 |
2014-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297337
|
- |
|
monkey-project
|
monkey
|
Monkey HTTP Daemon (monkeyd) before 1.2.2 allows remote attackers to cause a denial of service (infinite loop) via an offset equal to the file size in the Range HTTP header.
|
CWE-20
Improper Input Validation
|
CVE-2013-2163
|
2024-11-21 10:51 |
2014-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297338
|
- |
|
mambo-foundation
|
mambo_cms
|
Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.
|
CWE-399
Resource Management Errors
|
CVE-2013-2564
|
2024-11-21 10:51 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297339
|
- |
|
mambo-foundation
|
mambo_cms
|
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2563
|
2024-11-21 10:51 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297340
|
- |
|
mambo-foundation
|
mambo_cms
|
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2013-2562
|
2024-11-21 10:51 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
