|
290111
|
- |
|
realvnc
|
realvnc
|
RealVNC VNC 5.0.6 on Mac OS X, Linux, and UNIX allows local users to gain privileges via a crafted argument to the (1) vncserver, (2) vncserver-x11, or (3) Xvnc helper.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6886
|
2024-11-21 10:59 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290112
|
- |
|
nextdc
|
onedc
|
The ONEDC app before 1.7 for iOS does not properly verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6812
|
2024-11-21 10:59 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290113
|
- |
|
zend
|
zendto
|
Cross-site scripting (XSS) vulnerability in lib/NSSDropoff.php in ZendTo before 4.11-13 allows remote attackers to inject arbitrary web script or HTML via a modified emailAddr field to pickup.php.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6808
|
2024-11-21 10:59 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290114
|
- |
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in the Color module in Drupal 7.x before 7.24 allows remote attackers to inject arbitrary web script or HTML via vectors related to CSS.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6388
|
2024-11-21 10:59 |
2013-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290115
|
- |
|
drupal
|
drupal
|
Cross-site scripting (XSS) vulnerability in the Image module in Drupal 7.x before 7.24 allows remote authenticated users with certain permissions to inject arbitrary web script or HTML via the descri…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6387
|
2024-11-21 10:59 |
2013-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290116
|
- |
|
rackspace
|
openstack_windows_guest_agent
|
The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which trig…
|
CWE-94
Code Injection
|
CVE-2013-6795
|
2024-11-21 10:59 |
2013-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290117
|
- |
|
owncloud
|
owncloud
|
The admin page in ownCloud before 5.0.13 allows remote attackers to bypass intended access restrictions via unspecified vectors, related to MariaDB.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6403
|
2024-11-21 10:59 |
2013-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290118
|
- |
|
debian
fedoraproject
phil_schwartz
|
debian_linux
fedora
denyhosts
|
denyhosts 2.6 uses an incorrect regular expression when analyzing authentication logs, which allows remote attackers to cause a denial of service (incorrect block of IP addresses) via crafted login n…
|
CWE-287
Improper Authentication
|
CVE-2013-6890
|
2024-11-21 10:59 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290119
|
- |
|
openssl
|
openssl
|
The ssl_get_algorithm2 function in ssl/s3_lib.c in OpenSSL before 1.0.2 obtains a certain version number from an incorrect data structure, which allows remote attackers to cause a denial of service (…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6449
|
2024-11-21 10:59 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290120
|
- |
|
redhat
|
subscription_asset_manager
|
Candlepin in Red Hat Subscription Asset Manager 1.0 through 1.3 uses a weak authentication scheme when the configuration file does not specify a scheme, which has unspecified impact and attack vector…
|
CWE-287
Improper Authentication
|
CVE-2013-6439
|
2024-11-21 10:59 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
