|
293151
|
- |
|
rob_westgeest
|
md2pdf
|
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
|
NVD-CWE-noinfo
|
CVE-2013-1948
|
2024-11-21 10:50 |
2013-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293152
|
- |
|
kelly_d._redding
|
kelredd-pruview
|
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_imag…
|
CWE-78
OS Command
|
CVE-2013-1947
|
2024-11-21 10:50 |
2013-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293153
|
- |
|
documentcloud
|
karteek-docsplit
|
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shel…
|
CWE-78
OS Command
|
CVE-2013-1933
|
2024-11-21 10:50 |
2013-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293154
|
- |
|
trustwave
opensuse
fedoraproject
debian
|
modsecurity
opensuse
fedora
debian_linux
|
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity …
|
CWE-611
XXE
|
CVE-2013-1915
|
2024-11-21 10:50 |
2013-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293155
|
- |
|
linux
|
linux_kernel
|
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, w…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1958
|
2024-11-21 10:50 |
2013-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293156
|
- |
|
linux
|
linux_kernel
|
The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only propert…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1957
|
2024-11-21 10:50 |
2013-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293157
|
- |
|
linux
|
linux_kernel
|
The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1956
|
2024-11-21 10:50 |
2013-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293158
|
- |
|
chatelao
|
php_address_book
|
Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field.
|
CWE-79
Cross-site Scripting
|
CVE-2013-1749
|
2024-11-21 10:50 |
2013-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293159
|
- |
|
chatelao
|
php_address_book
|
Multiple SQL injection vulnerabilities in PHP Address Book 8.2.5 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) edit.php or (2) import.php. NOTE: the view…
|
CWE-89
SQL Injection
|
CVE-2013-1748
|
2024-11-21 10:50 |
2013-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293160
|
6.1 |
MEDIUM
Network
|
phpmyadmin
|
phpmyadmin
|
Multiple cross-site scripting (XSS) vulnerabilities in tbl_gis_visualization.php in phpMyAdmin 3.5.x before 3.5.8 might allow remote attackers to inject arbitrary web script or HTML via the (1) visua…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1937
|
2024-11-21 10:50 |
2013-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
