|
298131
|
- |
|
indusoft
advantech
|
web_studio
advantech_studio
|
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in…
|
CWE-22
Path Traversal
|
CVE-2013-1627
|
2024-11-21 10:50 |
2013-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298132
|
- |
|
stunnel
|
stunnel
|
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary…
|
CWE-94
Code Injection
|
CVE-2013-1762
|
2024-11-21 10:50 |
2013-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298133
|
- |
|
spreecommerce
|
spree
|
Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/con…
|
CWE-20
Improper Input Validation
|
CVE-2013-1656
|
2024-11-21 10:50 |
2013-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298134
|
- |
|
linux
|
linux_kernel
|
The _xfs_buf_find function in fs/xfs/xfs_buf.c in the Linux kernel before 3.7.6 does not validate block numbers, which allows local users to cause a denial of service (NULL pointer dereference and sy…
|
CWE-20
Improper Input Validation
|
CVE-2013-1819
|
2024-11-21 10:50 |
2013-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298135
|
- |
|
php
|
php
|
The SOAP parser in PHP before 5.3.23 and 5.4.x before 5.4.13 allows remote attackers to read arbitrary files via a SOAP WSDL file containing an XML external entity declaration in conjunction with an …
|
CWE-200
Information Exposure
|
CVE-2013-1643
|
2024-11-21 10:50 |
2013-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298136
|
- |
|
php
|
php
|
ext/soap/soap.c in PHP before 5.3.22 and 5.4.x before 5.4.13 does not validate the relationship between the soap.wsdl_cache_dir directive and the open_basedir directive, which allows remote attackers…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1635
|
2024-11-21 10:50 |
2013-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298137
|
- |
|
todd_miller
apple
|
sudo
mac_os_x
|
sudo 1.6.0 through 1.7.10p6 and sudo 1.8.0 through 1.8.6p6 allows local users or physically proximate attackers to bypass intended time restrictions and retain privileges without re-authenticating by…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1775
|
2024-11-21 10:50 |
2013-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298138
|
- |
|
linux
redhat
|
linux_kernel
enterprise_linux
enterprise_mrg
|
The chase_port function in drivers/usb/serial/io_ti.c in the Linux kernel before 3.7.4 allows local users to cause a denial of service (NULL pointer dereference and system crash) via an attempted /de…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1774
|
2024-11-21 10:50 |
2013-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298139
|
- |
|
linux
redhat
|
linux_kernel
enterprise_linux
enterprise_mrg
|
Buffer overflow in the VFAT filesystem implementation in the Linux kernel before 3.3 allows local users to gain privileges or cause a denial of service (system crash) via a VFAT write operation on a …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-1773
|
2024-11-21 10:50 |
2013-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
298140
|
- |
|
linux
|
linux_kernel
|
The log_prefix function in kernel/printk.c in the Linux kernel 3.x before 3.4.33 does not properly remove a prefix string from a syslog header, which allows local users to cause a denial of service (…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-1772
|
2024-11-21 10:50 |
2013-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
