|
292831
|
- |
|
redhat
|
freeipa
|
The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (cr…
|
CWE-20
Improper Input Validation
|
CVE-2013-0336
|
2024-11-21 10:47 |
2014-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292832
|
- |
|
bundler
opensuse
fedoraproject
|
bundler
opensuse
fedora
|
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
|
CWE-20
Improper Input Validation
|
CVE-2013-0334
|
2024-11-21 10:47 |
2014-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292833
|
- |
|
corosync
|
corosync
|
The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted…
|
NVD-CWE-Other
|
CVE-2013-0250
|
2024-11-21 10:47 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292834
|
- |
|
owncloud
|
owncloud
|
ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0304
|
2024-11-21 10:47 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292835
|
- |
|
owncloud
|
owncloud
|
Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE…
|
NVD-CWE-noinfo
|
CVE-2013-0302
|
2024-11-21 10:47 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292836
|
- |
|
owncloud
|
owncloud
|
settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.
|
CWE-94
Code Injection
|
CVE-2013-0204
|
2024-11-21 10:47 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292837
|
- |
|
lucas_clemente_vella
|
libpam-pgsql
|
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password.
|
CWE-287
Improper Authentication
|
CVE-2013-0191
|
2024-11-21 10:47 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292838
|
- |
|
redhat
|
freeipa
|
The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0199
|
2024-11-21 10:47 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292839
|
- |
|
isync_project
|
isync
|
Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd…
|
CWE-310
Cryptographic Issues
|
CVE-2013-0289
|
2024-11-21 10:47 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292840
|
- |
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2013-0197
|
2024-11-21 10:47 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
