|
283541
|
- |
|
polarssl
|
polarssl
|
The RSA-CRT implementation in PolarSSL before 1.2.9 does not properly perform Montgomery multiplication, which might allow remote attackers to conduct a timing side-channel attack and retrieve RSA pr…
|
CWE-310
Cryptographic Issues
|
CVE-2013-5915
|
2024-11-21 10:58 |
2013-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283542
|
- |
|
wearegumball
|
comment-attachment
|
Cross-site scripting (XSS) vulnerability in the Comment Attachment plugin 1.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via the "Attachment field title."
|
CWE-79
Cross-site Scripting
|
CVE-2013-6010
|
2024-11-21 10:58 |
2013-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283543
|
- |
|
open-xchange
|
open-xchange_appsuite
|
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting …
|
CWE-94
Code Injection
|
CVE-2013-6009
|
2024-11-21 10:58 |
2013-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283544
|
- |
|
siemens
|
scalance_x-200_series_firmware
scalance_x-200
scalance_x-200irt
|
The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which a…
|
CWE-287
Improper Authentication
|
CVE-2013-5944
|
2024-11-21 10:58 |
2013-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283545
|
- |
|
springsignage
|
xibo
|
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
|
CWE-22
Path Traversal
|
CVE-2013-5979
|
2024-11-21 10:58 |
2013-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283546
|
- |
|
f5
|
big-ip_access_policy_manager
|
Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5976
|
2024-11-21 10:58 |
2013-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283547
|
- |
|
f5
|
big-ip_access_policy_manager
|
The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5975
|
2024-11-21 10:58 |
2013-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283548
|
- |
|
david_king
canonical
|
vino
ubuntu_linux
|
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error …
|
CWE-20
Improper Input Validation
|
CVE-2013-5745
|
2024-11-21 10:58 |
2013-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283549
|
- |
|
metaclassy
|
byword
|
The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5725
|
2024-11-21 10:58 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283550
|
- |
|
cdsincdesign
|
simple_dropbox_upload_form
|
Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executab…
|
NVD-CWE-Other
|
CVE-2013-5963
|
2024-11-21 10:58 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
