|
288091
|
- |
|
mantisbt
|
mantisbt
|
Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2013-0197
|
2024-11-21 10:47 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288092
|
- |
|
varnish_cache_project
|
varnish_cache
|
varnish 3.0.3 uses world-readable permissions for the /var/log/varnish/ directory and the log files in the directory, which allows local users to obtain sensitive information by reading the files. N…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0345
|
2024-11-21 10:47 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288093
|
- |
|
theforeman
|
foreman
|
The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands.
|
CWE-94
Code Injection
|
CVE-2013-0210
|
2024-11-21 10:47 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288094
|
- |
|
theforeman
|
foreman
|
Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0187
|
2024-11-21 10:47 |
2014-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288095
|
- |
|
david_leonard
|
pkstat
|
tmp_smtp.c in pktstat 1.8.5 allows local users to overwrite arbitrary files via a symlink attack on /tmp/smtp.log.
|
CWE-59
Link Following
|
CVE-2013-0350
|
2024-11-21 10:47 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288096
|
- |
|
zlib
|
pigz
|
Race condition in pigz before 2.2.5 uses permissions derived from the umask when compressing a file before setting that file's permissions to match those of the original file, which might allow local…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0296
|
2024-11-21 10:47 |
2014-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288097
|
- |
|
schneider-electric
schneider_electric
|
somachine
concept
modbus_serial_driver
sft2841
somove
opc_factory_server
powersuite
pl7
modbuscommdtm_sl
unity_pro
twidosuite
unityloader
|
Multiple stack-based buffer overflows in ModbusDrv.exe in Schneider Electric Modbus Serial Driver 1.10 through 3.2 allow remote attackers to execute arbitrary code via a large buffer-size value in a …
|
CWE-787
Out-of-bounds Write
|
CVE-2013-0662
|
2024-11-21 10:47 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288098
|
- |
|
owncloud
|
owncloud
|
Unspecified vulnerability in core/ajax/translations.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: th…
|
NVD-CWE-noinfo
|
CVE-2013-0303
|
2024-11-21 10:47 |
2014-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288099
|
- |
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0201
|
2024-11-21 10:47 |
2014-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288100
|
- |
|
owncloud
|
owncloud
|
Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that ch…
|
CWE-352
Origin Validation Error
|
CVE-2013-0301
|
2024-11-21 10:47 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
