|
289961
|
8.8 |
HIGH
Network
|
apache
|
vcl
|
The Privileges portion of the web GUI and the XMLRPC API in Apache VCL 2.3.x before 2.3.2, 2.2.x before 2.2.2 and 2.1 allow remote authenticated users with nodeAdmin, manageGroup, resourceGrant, or u…
|
CWE-264
CWE-20
Permissions, Privileges, and Access Controls
Improper Input Validation
|
CVE-2013-0267
|
2024-11-21 10:47 |
2018-02-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289962
|
- |
|
webfs
|
webfs
|
The Gentoo init script for webfs uses world-readable permissions for /var/log/webfsd.log, which allows local users to have unspecified impact by reading the file.
|
CWE-200
Information Exposure
|
CVE-2013-0347
|
2024-11-21 10:47 |
2014-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289963
|
- |
|
redhat
|
freeipa
|
The ipapwd_chpwop function in daemons/ipa-slapi-plugins/ipa-pwd-extop/ipa_pwd_extop.c in the directory server (dirsrv) in FreeIPA before 3.2.0 allows remote attackers to cause a denial of service (cr…
|
CWE-20
Improper Input Validation
|
CVE-2013-0336
|
2024-11-21 10:47 |
2014-11-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289964
|
- |
|
bundler
opensuse
fedoraproject
|
bundler
opensuse
fedora
|
Bundler before 1.7, when multiple top-level source lines are used, allows remote attackers to install arbitrary gems by creating a gem with the same name as another gem in a different source.
|
CWE-20
Improper Input Validation
|
CVE-2013-0334
|
2024-11-21 10:47 |
2014-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289965
|
- |
|
corosync
|
corosync
|
The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted…
|
NVD-CWE-Other
|
CVE-2013-0250
|
2024-11-21 10:47 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289966
|
- |
|
owncloud
|
owncloud
|
ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0304
|
2024-11-21 10:47 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289967
|
- |
|
owncloud
|
owncloud
|
Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE…
|
NVD-CWE-noinfo
|
CVE-2013-0302
|
2024-11-21 10:47 |
2014-06-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289968
|
- |
|
owncloud
|
owncloud
|
settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.
|
CWE-94
Code Injection
|
CVE-2013-0204
|
2024-11-21 10:47 |
2014-06-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289969
|
- |
|
lucas_clemente_vella
|
libpam-pgsql
|
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password.
|
CWE-287
Improper Authentication
|
CVE-2013-0191
|
2024-11-21 10:47 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289970
|
- |
|
redhat
|
freeipa
|
The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0199
|
2024-11-21 10:47 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
