|
287921
|
- |
|
redhat
|
freeipa
|
The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0199
|
2024-11-21 10:47 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287922
|
- |
|
isync_project
|
isync
|
Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-midd…
|
CWE-310
Cryptographic Issues
|
CVE-2013-0289
|
2024-11-21 10:47 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287923
|
- |
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2013-0197
|
2024-11-21 10:47 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287924
|
- |
|
varnish_cache_project
|
varnish_cache
|
varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. N…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0345
|
2024-11-21 10:47 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287925
|
- |
|
theforeman
|
foreman
|
The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands.
|
CWE-94
Code Injection
|
CVE-2013-0210
|
2024-11-21 10:47 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287926
|
- |
|
theforeman
|
foreman
|
Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0187
|
2024-11-21 10:47 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287927
|
- |
|
david_leonard
|
pkstat
|
tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log.
|
CWE-59
Link Following
|
CVE-2013-0350
|
2024-11-21 10:47 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287928
|
- |
|
zlib
|
pigz
|
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0296
|
2024-11-21 10:47 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287929
|
- |
|
schneider-electric
schneider_electric
|
somachine
concept
modbus_serial_driver
sft2841
somove
opc_factory_server
powersuite
pl7
modbuscommdtm_sl
unity_pro
twidosuite
unityloader
|
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a …
|
CWE-787
Out-of-bounds Write
|
CVE-2013-0662
|
2024-11-21 10:47 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287930
|
- |
|
owncloud
|
owncloud
|
Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: th…
|
NVD-CWE-noinfo
|
CVE-2013-0303
|
2024-11-21 10:47 |
2014-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
