|
288511
|
- |
|
xmlsoft
|
libxml2
|
Multiple use-after-free vulnerabilities in libxml2 2.9.0 and possibly other versions might allow context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code v…
|
CWE-399
Resource Management Errors
|
CVE-2013-1969
|
2024-11-21 10:50 |
2013-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288512
|
- |
|
blinkwebeffects
|
social-media-widget
|
Social Media Widget (social-media-widget) plugin 4.0 for WordPress contains an externally introduced modification (Trojan Horse), which allows remote attackers to force the upload of arbitrary files.
|
NVD-CWE-noinfo
|
CVE-2013-1949
|
2024-11-21 10:50 |
2013-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288513
|
- |
|
rob_westgeest
|
md2pdf
|
converter.rb in the md2pdf gem 0.0.1 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename.
|
NVD-CWE-noinfo
|
CVE-2013-1948
|
2024-11-21 10:50 |
2013-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288514
|
- |
|
kelly_d._redding
|
kelredd-pruview
|
kelredd-pruview gem 0.3.8 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a filename argument to (1) document.rb, (2) video.rb, or (3) video_imag…
|
CWE-78
OS Command
|
CVE-2013-1947
|
2024-11-21 10:50 |
2013-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288515
|
- |
|
documentcloud
|
karteek-docsplit
|
The extract_from_ocr function in lib/docsplit/text_extractor.rb in the Karteek Docsplit (karteek-docsplit) gem 0.5.4 for Ruby allows context-dependent attackers to execute arbitrary commands via shel…
|
CWE-78
OS Command
|
CVE-2013-1933
|
2024-11-21 10:50 |
2013-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288516
|
- |
|
trustwave
opensuse
fedoraproject
debian
|
modsecurity
opensuse
fedora
debian_linux
|
ModSecurity before 2.7.3 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML external entity …
|
CWE-611
XXE
|
CVE-2013-1915
|
2024-11-21 10:50 |
2013-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288517
|
- |
|
linux
|
linux_kernel
|
The scm_check_creds function in net/core/scm.c in the Linux kernel before 3.8.6 does not properly enforce capability requirements for controlling the PID value associated with a UNIX domain socket, w…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1958
|
2024-11-21 10:50 |
2013-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288518
|
- |
|
linux
|
linux_kernel
|
The clone_mnt function in fs/namespace.c in the Linux kernel before 3.8.6 does not properly restrict changes to the MNT_READONLY flag, which allows local users to bypass an intended read-only propert…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1957
|
2024-11-21 10:50 |
2013-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288519
|
- |
|
linux
|
linux_kernel
|
The create_user_ns function in kernel/user_namespace.c in the Linux kernel before 3.8.6 does not check whether a chroot directory exists that differs from the namespace root directory, which allows l…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1956
|
2024-11-21 10:50 |
2013-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288520
|
- |
|
chatelao
|
php_address_book
|
Cross-site scripting (XSS) vulnerability in edit.php in PHP Address Book 8.2.5 allows user-assisted remote attackers to inject arbitrary web script or HTML via the Address field.
|
CWE-79
Cross-site Scripting
|
CVE-2013-1749
|
2024-11-21 10:50 |
2013-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
