|
287381
|
- |
|
opensuse
|
opensuse
|
The image creation configuration in aaa_base before 16.26.1 for openSUSE 13.1 KDE adds the root user to the "users" group when installing from a live image, which allows local users to obtain sensiti…
|
CWE-200
Information Exposure
|
CVE-2013-3713
|
2024-11-21 10:54 |
2014-01-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287382
|
- |
|
barebones
|
textwrangler
bbedit
yojimbo
|
The software update mechanism as used in Bare Bones Software Yojimbo before 4.0, TextWrangler before 4.5.3, and BBEdit before 10.5.5 does not properly download and verify updates before installation,…
|
CWE-20
Improper Input Validation
|
CVE-2013-3667
|
2024-11-21 10:54 |
2014-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287383
|
- |
|
microsoft
|
internet_explorer
|
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted CSpliceTreeEngine…
|
CWE-399
Resource Management Errors
|
CVE-2013-3846
|
2024-11-21 10:54 |
2013-12-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287384
|
- |
|
suse
novell
|
studio_onsite
suse_lifecycle_management_server
webyast
|
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3709
|
2024-11-21 10:54 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287385
|
- |
|
ibm
|
websphere_portal
|
IBM WebSphere Portal 8.0.0.x before 8.0.0.1 CF09, when Content Template Catalog 4.0 is used, does not require administrative privileges for Portal Application Archive (PAA) file installation, which a…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4012
|
2024-11-21 10:54 |
2013-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287386
|
- |
|
novell
|
client
|
The VBA32 AntiRootKit component for Novell Client 2 SP3 before IR5 on Windows allows local users to cause a denial of service (bugcheck and BSOD) via an IOCTL call for an invalid IOCTL.
|
CWE-20
Improper Input Validation
|
CVE-2013-3705
|
2024-11-21 10:54 |
2013-12-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287387
|
- |
|
ibm
|
spss_collaboration_and_deployment_services
|
The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to discover an internal password via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2013-4070
|
2024-11-21 10:54 |
2013-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287388
|
- |
|
ibm
|
spss_collaboration_and_deployment_services
|
The Portal application in IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote attackers to read arbitrary files via an XML external entity declara…
|
CWE-200
Information Exposure
|
CVE-2013-4069
|
2024-11-21 10:54 |
2013-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287389
|
- |
|
ibm
|
lotus_domino
lotus_inotes
|
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote attackers to inject arbitrary web scrip…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4065
|
2024-11-21 10:54 |
2013-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287390
|
- |
|
ibm
|
lotus_domino
lotus_inotes
|
Cross-site scripting (XSS) vulnerability in iNotes in IBM Domino 8.5.x before 8.5.3 FP6 and 9.0.x before 9.0.1, when ultra-light mode is enabled, allows remote authenticated users to inject arbitrary…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4064
|
2024-11-21 10:54 |
2013-12-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
