| 286221 | - | reviewboard | review_board | Multiple cross-site scripting (XSS) vulnerabilities in Review Board 1.6.x before 1.6.21 and 1.7.x before 1.7.17 allow remote attackers to inject arbitrary web script or HTML via the (1) Branch field … | CWE-79 Cross-site Scripting | CVE-2013-4519 | 2024-11-21 10:55 | 2013-11-19 |
| 286222 | - | spip | spip | The Security Screen (_core_/securite/ecran_securite.php) before 1.1.8 for SPIP, as used in SPIP 3.0.x before 3.0.12, allows remote attackers to execute arbitrary PHP via the connect parameter. | CWE-94 Code Injection | CVE-2013-4557 | 2024-11-21 10:55 | 2013-11-18 |
| 286223 | - | spip | spip | Cross-site scripting (XSS) vulnerability in the author page (prive/formulaires/editer_auteur.php) in SPIP before 2.1.24 and 3.0.x before 3.0.12 allows remote attackers to inject arbitrary web script … | CWE-79 Cross-site Scripting | CVE-2013-4556 | 2024-11-21 10:55 | 2013-11-18 |
| 286224 | - | spip | spip | Cross-site request forgery (CSRF) vulnerability in ecrire/action/logout.php in SPIP before 2.1.24 allows remote attackers to hijack the authentication of arbitrary users for requests that logout the … | CWE-352 Origin Validation Error | CVE-2013-4555 | 2024-11-21 10:55 | 2013-11-18 |
| 286225 | - | xen | xen | Xen 4.2.x and 4.3.x, when nested virtualization is disabled, does not properly check the emulation paths for (1) VMLAUNCH and (2) VMRESUME, which allows local HVM guest users to cause a denial of ser… | CWE-20 Improper Input Validation | CVE-2013-4551 | 2024-11-21 10:55 | 2013-11-18 |
| 286226 | - | tryton | tryton | Directory traversal vulnerability in the client in Tryton 3.0.0, as distributed before 20131104 and earlier, allows remote servers to write arbitrary files via path separators in the extension of a r… | CWE-22 Path Traversal | CVE-2013-4510 | 2024-11-21 10:55 | 2013-11-18 |
| 286227 | - | redhat suse | network_satellite satellite_with_embedded_oracle satellite manager linux_enterprise | Red Hat Satellite 5.6 and earlier does not disable the web interface that is used to create the first user for a satellite, which allows remote attackers to create administrator accounts. | CWE-668 Exposure of Resource to Wrong Sphere | CVE-2013-4480 | 2024-11-21 10:55 | 2013-11-18 |
| 286228 | - | osirix-viewer | osirix osirix_md | The DICOM listener in OsiriX before 5.8 and before 2.5-MD, when starting up, encrypts the TLS private key file using "SuperSecretPassword" as the hardcoded password, which allows local users to obtai… | CWE-255 Credentials Management | CVE-2013-4425 | 2024-11-21 10:55 | 2013-11-18 |
| 286229 | - | google | web_toolkit | Multiple cross-site scripting (XSS) vulnerabilities in the JUnit files in the GWTTestCase in Google Web Toolkit (GWT) before 2.5.1 RC1 allow remote attackers to inject arbitrary web script or HTML vi… | CWE-79 Cross-site Scripting | CVE-2013-4204 | 2024-11-21 10:55 | 2013-11-18 |
| 286230 | - | samba | samba | Samba 4.0.x before 4.0.11 and 4.1.x before 4.1.1, when LDAP or HTTP is provided over SSL, uses world-readable permissions for a private key, which allows local users to obtain sensitive information b… | CWE-310 Cryptographic Issues | CVE-2013-4476 | 2024-11-21 10:55 | 2013-11-14 |