|
284221
|
- |
|
yahoo
|
japan_shopping
|
The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive i…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4700
|
2024-11-21 10:56 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284222
|
- |
|
yahoo
|
yafuoku\!
|
The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4699
|
2024-11-21 10:56 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284223
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the l…
|
CWE-255
Credentials Management
|
CVE-2013-4967
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284224
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmiss…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4964
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284225
|
- |
|
puppet
|
puppet_enterprise
|
The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended …
|
CWE-255
Credentials Management
|
CVE-2013-4962
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284226
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.
|
CWE-200
Information Exposure
|
CVE-2013-4961
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284227
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host na…
|
CWE-200
Information Exposure
|
CVE-2013-4959
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284228
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation.
|
CWE-287
Improper Authentication
|
CVE-2013-4958
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284229
|
- |
|
puppetlabs
puppet
|
puppet
puppet_enterprise
|
Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if thos…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4956
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284230
|
- |
|
puppet
|
puppet_enterprise
|
Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service …
|
CWE-20
Improper Input Validation
|
CVE-2013-4955
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
