|
285801
|
- |
|
samba canonical
|
samba ubuntu_linux
|
Samba 3.x before 3.6.23, 4.0.x before 4.0.16, and 4.1.x before 4.1.6 does not enforce the password-guessing protection mechanism for all interfaces, which makes it easier for remote attackers to obta…
|
CWE-255
Credentials Management
|
CVE-2013-4496
|
2024-11-21 10:55 |
2014-03-14 |
|
|
|
|
285802
|
- |
|
vicidial
|
vicidial
|
Multiple SQL injection vulnerabilities in the agent interface (agc/) in VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allow (1) remote attackers to execute arbitrary SQ…
|
CWE-89
SQL Injection
|
CVE-2013-4467
|
2024-11-21 10:55 |
2014-03-12 |
|
|
|
|
285803
|
- |
|
php
|
xhprof
|
Cross-site scripting (XSS) vulnerability in XHProf before 0.9.4 allows remote attackers to inject arbitrary web script or HTML via the run parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2013-4433
|
2024-11-21 10:55 |
2014-03-12 |
|
|
|
|
285804
|
- |
|
schneems
|
wicked
|
Directory traversal vulnerability in controller/concerns/render_redirect.rb in the Wicked gem before 1.0.1 for Ruby allows remote attackers to read arbitrary files via a %2E%2E%2F (encoded dot dot sl…
|
CWE-22
Path Traversal
|
CVE-2013-4413
|
2024-11-21 10:55 |
2014-03-12 |
|
|
|
|
285805
|
- |
|
plone
|
plone
|
mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password emai…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4198
|
2024-11-21 10:55 |
2014-03-12 |
|
|
|
|
285806
|
- |
|
plone
|
plone
|
(1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) v…
|
CWE-20
Improper Input Validation
|
CVE-2013-4199
|
2024-11-21 10:55 |
2014-03-12 |
|
|
|
|
285807
|
- |
|
plone
|
plone
|
member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2013-4197
|
2024-11-21 10:55 |
2014-03-12 |
|
|
|
|
285808
|
- |
|
plone
|
plone
|
Multiple open redirect vulnerabilities in (1) marmoset_patch.py, (2) publish.py, and (3) principiaredirect.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote attac…
|
CWE-20
Improper Input Validation
|
CVE-2013-4195
|
2024-11-21 10:55 |
2014-03-12 |
|
|
|
|
285809
|
- |
|
plone
|
plone
|
The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4196
|
2024-11-21 10:55 |
2014-03-12 |
|
|
|
|
285810
|
- |
|
plone
|
plone
|
typeswidget.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly enforce the immutable setting on unspecified content edit forms, which allows remote attackers …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4193
|
2024-11-21 10:55 |
2014-03-12 |
|
|
|