|
284381
|
- |
|
twilightcms
|
twilight_cms
|
Cross-site scripting (XSS) vulnerability in Twilight CMS 5.17 and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to the gallery/ page.
|
CWE-79
Cross-site Scripting
|
CVE-2013-4899
|
2024-11-21 10:56 |
2013-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284382
|
- |
|
htmlcleaner_project
open-xchange
|
htmlcleaner
open-xchange_appsuite
|
Multiple race conditions in HtmlCleaner before 2.6, as used in Open-Xchange AppSuite 7.2.2 before rev13 and other products, allow remote authenticated users to read the private e-mail of other person…
|
CWE-362
Race Condition
|
CVE-2013-5035
|
2024-11-21 10:56 |
2013-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284383
|
- |
|
open-xchange
|
open-xchange_appsuite
|
Open-Xchange AppSuite before 7.0.2 rev14, 7.2.0 before rev11, 7.2.1 before rev10, and 7.2.2 before rev9 relies on user-supplied data to predict the IMAP server hostname for an external domain name, w…
|
CWE-255
Credentials Management
|
CVE-2013-4790
|
2024-11-21 10:56 |
2013-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284384
|
- |
|
lockon
|
ec-cube
|
Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbit…
|
CWE-22
Path Traversal
|
CVE-2013-4702
|
2024-11-21 10:56 |
2013-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284385
|
- |
|
strongswan
opensuse
|
strongswan
opensuse
|
The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentati…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-5018
|
2024-11-21 10:56 |
2013-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284386
|
- |
|
realnetworks
|
realplayer
realplayer_sp
|
RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealM…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4974
|
2024-11-21 10:56 |
2013-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284387
|
- |
|
realnetworks
|
realplayer
realplayer_sp
|
Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4973
|
2024-11-21 10:56 |
2013-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284388
|
- |
|
janrain
|
php-openid
|
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consum…
|
NVD-CWE-noinfo
|
CVE-2013-4701
|
2024-11-21 10:56 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284389
|
- |
|
yahoo
|
japan_shopping
|
The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive i…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4700
|
2024-11-21 10:56 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284390
|
- |
|
yahoo
|
yafuoku\!
|
The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4699
|
2024-11-21 10:56 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
