|
291141
|
- |
|
rubyonrails
redhat
|
rails
ruby_on_rails
enterprise_linux
|
The sanitize_css method in lib/action_controller/vendor/html-scanner/html/sanitizer.rb in the Action Pack component in Ruby on Rails before 2.3.18, 3.0.x and 3.1.x before 3.1.12, and 3.2.x before 3.2…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1855
|
2024-11-21 10:50 |
2013-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291142
|
- |
|
rubyonrails
redhat
|
ruby_on_rails
rails
enterprise_linux
|
The Active Record component in Ruby on Rails 2.3.x before 2.3.18, 3.1.x before 3.1.12, and 3.2.x before 3.2.13 processes certain queries by converting hash keys to symbols, which allows remote attack…
|
CWE-20
Improper Input Validation
|
CVE-2013-1854
|
2024-11-21 10:50 |
2013-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291143
|
- |
|
samba
|
samba
|
Samba 4.x before 4.0.4, when configured as an Active Directory domain controller, uses world-writable permissions on non-default CIFS shares, which allows remote authenticated users to read, modify, …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1863
|
2024-11-21 10:50 |
2013-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291144
|
- |
|
openafs
|
openafs
|
Integer overflow in ptserver in OpenAFS before 1.6.2 allows remote attackers to cause a denial of service (crash) via a large list from the IdToName RPC, which triggers a heap-based buffer overflow.
|
CWE-189
Numeric Errors
|
CVE-2013-1795
|
2024-11-21 10:50 |
2013-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291145
|
- |
|
openafs
|
openafs
|
Buffer overflow in certain client utilities in OpenAFS before 1.6.2 allows remote authenticated users to cause a denial of service (crash) and possibly execute arbitrary code via a long fileserver AC…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-1794
|
2024-11-21 10:50 |
2013-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291146
|
- |
|
perl
|
perl
|
The rehash mechanism in Perl 5.8.2 through 5.16.x allows context-dependent attackers to cause a denial of service (memory consumption and crash) via a crafted hash key.
|
CWE-399
Resource Management Errors
|
CVE-2013-1667
|
2024-11-21 10:50 |
2013-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291147
|
- |
|
apache
|
rave
|
The users/get program in the User RPC API in Apache Rave 0.11 through 0.20 allows remote authenticated users to obtain sensitive information about all user accounts via the offset parameter, as demon…
|
CWE-200
Information Exposure
|
CVE-2013-1814
|
2024-11-21 10:50 |
2013-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291148
|
- |
|
indusoft
advantech
|
web_studio
advantech_studio
|
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in…
|
CWE-22
Path Traversal
|
CVE-2013-1627
|
2024-11-21 10:50 |
2013-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291149
|
- |
|
stunnel
|
stunnel
|
stunnel 4.21 through 4.54, when CONNECT protocol negotiation and NTLM authentication are enabled, does not correctly perform integer conversion, which allows remote proxy servers to execute arbitrary…
|
CWE-94
Code Injection
|
CVE-2013-1762
|
2024-11-21 10:50 |
2013-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291150
|
- |
|
spreecommerce
|
spree
|
Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/con…
|
CWE-20
Improper Input Validation
|
CVE-2013-1656
|
2024-11-21 10:50 |
2013-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
