|
290671
|
- |
|
craig_drummond
|
cantata
|
Cantata before 1.2.2 does not restrict access to files in the play queue, which allows remote attackers to obtain sensitive information by reading the songs in the queue.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7301
|
2024-11-21 11:00 |
2014-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290672
|
- |
|
craig_drummond
|
cantata
|
Absolute path traversal vulnerability in cantata before 1.2.2 allows local users to read arbitrary files via a full pathname in a request to the internal httpd server. NOTE: this vulnerability can b…
|
CWE-22
Path Traversal
|
CVE-2013-7300
|
2024-11-21 11:00 |
2014-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290673
|
- |
|
fail2ban
|
fail2ban
|
config/filter.d/cyrus-imap.conf in the cyrus-imap filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches…
|
CWE-20
Improper Input Validation
|
CVE-2013-7177
|
2024-11-21 11:00 |
2014-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290674
|
- |
|
fail2ban
|
fail2ban
|
config/filter.d/postfix.conf in the postfix filter in Fail2ban before 0.8.11 allows remote attackers to trigger the blocking of an arbitrary IP address via a crafted e-mail address that matches an im…
|
CWE-20
Improper Input Validation
|
CVE-2013-7176
|
2024-11-21 11:00 |
2014-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290675
|
- |
|
spip
|
spip
|
Multiple cross-site scripting (XSS) vulnerabilities in (1) squelettes-dist/formulaires/inscription.php and (2) prive/forms/editer_auteur.php in SPIP before 2.1.25 and 3.0.x before 3.0.13 allow remote…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7303
|
2024-11-21 11:00 |
2014-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290676
|
- |
|
daum_communications
|
daumgame_activex_control
|
Buffer overflow in the IconCreate method in an ActiveX control in the DaumGame ActiveX plugin 1.1.0.4 and 1.1.0.5 allows remote attackers to execute arbitrary code via a long string, as exploited in …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-7246
|
2024-11-21 11:00 |
2014-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290677
|
- |
|
algosec
|
firewall_analyzer
|
Cross-site scripting (XSS) vulnerability in BusinessFlow/login in AlgoSec Firewall Analyzer 6.4 allows remote attackers to inject arbitrary web script or HTML via the message parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2013-7318
|
2024-11-21 11:00 |
2014-01-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290678
|
- |
|
detlef_pilzecker
|
proc\
|
The Proc::Daemon module 0.14 for Perl uses world-writable permissions for a file that stores a process ID, which allows local users to have an unspecified impact by modifying this file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7135
|
2024-11-21 11:00 |
2014-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290679
|
- |
|
tntnet
|
tntnet
|
framework/common/messageheaderparser.cpp in Tntnet before 2.2.1 allows remote attackers to obtain sensitive information via a header that ends in \n instead of \r\n, which prevents a null terminator …
|
CWE-200
Information Exposure
|
CVE-2013-7299
|
2024-11-21 11:00 |
2014-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290680
|
- |
|
tntnet
|
cxxtools
|
query_params.cpp in cxxtools before 2.2.1 allows remote attackers to cause a denial of service (infinite recursion and crash) via an HTTP query that contains %% (double percent) characters.
|
CWE-399
Resource Management Errors
|
CVE-2013-7298
|
2024-11-21 11:00 |
2014-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
