|
283711
|
- |
|
open-xchange
|
open-xchange_appsuite
|
CRLF injection vulnerability in Open-Xchange AppSuite before 7.2.2, when using AJP in certain conditions, allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting …
|
CWE-94
Code Injection
|
CVE-2013-6009
|
2024-11-21 10:58 |
2013-10-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283712
|
- |
|
siemens
|
scalance_x-200_series_firmware
scalance_x-200
scalance_x-200irt
|
The integrated web server on Siemens SCALANCE X-200 switches with firmware before 4.5.0 and X-200IRT switches with firmware before 5.1.0 does not properly enforce authentication requirements, which a…
|
CWE-287
Improper Authentication
|
CVE-2013-5944
|
2024-11-21 10:58 |
2013-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283713
|
- |
|
springsignage
|
xibo
|
Directory traversal vulnerability in Spring Signage Xibo 1.2.x before 1.2.3 and 1.4.x before 1.4.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the p parameter to index.php.
|
CWE-22
Path Traversal
|
CVE-2013-5979
|
2024-11-21 10:58 |
2013-10-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283714
|
- |
|
f5
|
big-ip_access_policy_manager
|
Cross-site scripting (XSS) vulnerability in the access policy logout page (logout.inc) in F5 BIG-IP APM 10.1.0 through 10.2.4 and 11.1.0 through 11.3.0 allows remote attackers to inject arbitrary web…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5976
|
2024-11-21 10:58 |
2013-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283715
|
- |
|
f5
|
big-ip_access_policy_manager
|
The access policy logon page (logon.inc) in F5 BIG-IP APM 11.1.0 through 11.2.1 allows remote attackers to conduct clickjacking attacks via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5975
|
2024-11-21 10:58 |
2013-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283716
|
- |
|
david_king
canonical
|
vino
ubuntu_linux
|
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error …
|
CWE-20
Improper Input Validation
|
CVE-2013-5745
|
2024-11-21 10:58 |
2013-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283717
|
- |
|
metaclassy
|
byword
|
The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5725
|
2024-11-21 10:58 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283718
|
- |
|
cdsincdesign
|
simple_dropbox_upload_form
|
Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executab…
|
NVD-CWE-Other
|
CVE-2013-5963
|
2024-11-21 10:58 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283719
|
- |
|
envato
|
complete_gallery_manager_plugin
|
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uplo…
|
NVD-CWE-Other
|
CVE-2013-5962
|
2024-11-21 10:58 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283720
|
- |
|
danny_morris
|
lazy_seo
|
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a…
|
NVD-CWE-Other
|
CVE-2013-5961
|
2024-11-21 10:58 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
