|
286121
|
- |
|
puppetlabs
puppet
|
puppet
puppet_enterprise
|
Puppet Labs Puppet Enterprise before 2.8.0 does not use a "randomized secret" in the CAS client config file (cas_client_config.yml) when upgrading from older 1.2.x or 2.0.x versions, which allows rem…
|
CWE-310
Cryptographic Issues
|
CVE-2013-2716
|
2024-11-21 10:52 |
2013-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286122
|
- |
|
chatelao
|
php_address_book
|
Cross-site request forgery (CSRF) vulnerability in addressbook/register/delete_user.php in PHP Address Book 8.2.5 allows remote attackers to hijack the authentication of administrators for requests t…
|
CWE-352
Origin Validation Error
|
CVE-2013-2778
|
2024-11-21 10:52 |
2013-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286123
|
- |
|
apple
todd_miller
|
mac_os_x
sudo
|
sudo before 1.7.10p5 and 1.8.x before 1.8.6p6, when the tty_tickets option is enabled, does not properly validate the controlling terminal device, which allows local users with sudo permissions to hi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2777
|
2024-11-21 10:52 |
2013-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286124
|
- |
|
todd_miller
apple
|
sudo
mac_os_x
|
sudo 1.3.5 through 1.7.10p5 and 1.8.0 through 1.8.6p6, when running on systems without /proc or the sysctl function with the tty_tickets option enabled, does not properly validate the controlling ter…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2776
|
2024-11-21 10:52 |
2013-04-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286125
|
- |
|
novell
|
kanaka
|
The installation functionality in the Novell Kanaka component before 2.8 for Novell Open Enterprise Server (OES) on Mac OS X does not verify the server's X.509 certificate during an SSL session, whic…
|
CWE-20
Improper Input Validation
|
CVE-2013-2770
|
2024-11-21 10:52 |
2013-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286126
|
- |
|
schneider-electric
|
magelis_xbt_hmi
|
The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions…
|
CWE-255
CWE-352
Credentials Management
Origin Validation Error
|
CVE-2013-2762
|
2024-11-21 10:52 |
2013-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286127
|
- |
|
schneider-electric
|
modicon_m340
|
The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZill…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-2761
|
2024-11-21 10:52 |
2013-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286128
|
- |
|
schneider-electric
|
modicon_m340_bmx_noc_0401_firmware
modicon_m340_bmx_noe_0100_firmware
modicon_m340_bmx_noe_0100h_firmware
modicon_m340_bmx_noe_0110_firmware
modicon_m340_bmx_noe_0110h_firmware
modicon…
|
The Schneider Electric M340 PLC modules allow remote attackers to cause a denial of service (resource consumption) via unspecified vectors. NOTE: the vendor reportedly disputes this issue because it…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2013-2763
|
2024-11-21 10:52 |
2013-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286129
|
- |
|
ithemes
|
backupbuddy
|
importbuddy.php in the BackupBuddy plugin 2.2.25 for WordPress allows remote attackers to obtain configuration information via a step 0 phpinfo action, which calls the phpinfo function.
|
CWE-200
Information Exposure
|
CVE-2013-2744
|
2024-11-21 10:52 |
2013-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286130
|
- |
|
ithemes
|
backupbuddy
|
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter.
|
CWE-287
Improper Authentication
|
CVE-2013-2743
|
2024-11-21 10:52 |
2013-04-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
