|
292951
|
- |
|
nextdc
|
onedc
|
The ONEDC app before 1.7 for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6812
|
2024-11-21 10:59 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292952
|
- |
|
zend
|
zendto
|
Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6808
|
2024-11-21 10:59 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292953
|
- |
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6388
|
2024-11-21 10:59 |
2013-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292954
|
- |
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the descri…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6387
|
2024-11-21 10:59 |
2013-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292955
|
- |
|
rackspace
|
openstack_windows_guest_agent
|
The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which trig…
|
CWE-94
Code Injection
|
CVE-2013-6795
|
2024-11-21 10:59 |
2013-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292956
|
- |
|
owncloud
|
owncloud
|
The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6403
|
2024-11-21 10:59 |
2013-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292957
|
- |
|
debian
fedoraproject
phil_schwartz
|
debian_linux
fedora
denyhosts
|
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login n…
|
CWE-287
Improper Authentication
|
CVE-2013-6890
|
2024-11-21 10:59 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292958
|
- |
|
openssl
|
openssl
|
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6449
|
2024-11-21 10:59 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292959
|
- |
|
redhat
|
subscription_asset_manager
|
Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vector…
|
CWE-287
Improper Authentication
|
CVE-2013-6439
|
2024-11-21 10:59 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292960
|
- |
|
debian
canonical
haxx
|
debian_linux
ubuntu_linux
libcurl
|
The GnuTLS backend in libcurl 7.21.4 through 7.33.0, when disabling digital signature verification (CURLOPT_SSL_VERIFYPEER), also disables the CURLOPT_SSL_VERIFYHOST check for CN or SAN host name fie…
|
CWE-20
Improper Input Validation
|
CVE-2013-6422
|
2024-11-21 10:59 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
