|
297491
|
- |
|
hp
|
san\/iq
|
LeftHand OS (aka SAN iQ) 10.5 and earlier on HP StoreVirtual Storage devices does not provide a mechanism for disabling the HP Support challenge-response root-login feature, which makes it easier for…
|
CWE-255
Credentials Management
|
CVE-2013-2352
|
2024-11-21 10:51 |
2013-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297492
|
8.1 |
HIGH
Network
|
apache
|
struts
|
Apache Struts 2 before 2.3.14.2 allows remote attackers to execute arbitrary OGNL code via a crafted request that is not properly handled when using the includeParams attribute in the (1) URL or (2) …
|
CWE-94
Code Injection
|
CVE-2013-2115
|
2024-11-21 10:51 |
2013-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297493
|
- |
|
spip
|
spip
|
SPIP 3.0.x before 3.0.9, 2.1.x before 2.1.22, and 2.0.x before 2.0.23 allows remote attackers to gain privileges and "take editorial control" via vectors related to ecrire/inc/filtres.php.
|
NVD-CWE-noinfo
|
CVE-2013-2118
|
2024-11-21 10:51 |
2013-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297494
|
- |
|
openstack
|
havana
grizzly
folsom
|
OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not verify the virtual size of a QCOW2 image, which allows local users to cause a denial of service (host file system disk consumption) by cr…
|
CWE-399
Resource Management Errors
|
CVE-2013-2096
|
2024-11-21 10:51 |
2013-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297495
|
- |
|
wordpress
|
wordpress
|
The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-si…
|
CWE-79
CWE-16
Cross-site Scripting
Configuration
|
CVE-2013-2205
|
2024-11-21 10:51 |
2013-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297496
|
- |
|
wordpress
tinymce
|
wordpress
media
|
moxieplayer.as in Moxiecode moxieplayer, as used in the TinyMCE Media plugin in WordPress before 3.5.2 and other products, does not consider the presence of a # (pound sign) character during extracti…
|
CWE-20
Improper Input Validation
|
CVE-2013-2204
|
2024-11-21 10:51 |
2013-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297497
|
- |
|
wordpress
|
wordpress
|
WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an X…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2203
|
2024-11-21 10:51 |
2013-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297498
|
- |
|
wordpress
|
wordpress
|
WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related t…
|
CWE-200
Information Exposure
|
CVE-2013-2202
|
2024-11-21 10:51 |
2013-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297499
|
- |
|
wordpress
|
wordpress
|
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editi…
|
CWE-79
Cross-site Scripting
|
CVE-2013-2201
|
2024-11-21 10:51 |
2013-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297500
|
- |
|
wordpress
|
wordpress
|
WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspeci…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2200
|
2024-11-21 10:51 |
2013-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
