|
287921
|
- |
|
strongswan
opensuse
|
strongswan
opensuse
|
The is_asn1 function in strongSwan 4.1.11 through 5.0.4 does not properly validate the return value of the asn1_length function, which allows remote attackers to cause a denial of service (segmentati…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-5018
|
2024-11-21 10:56 |
2013-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287922
|
- |
|
realnetworks
|
realplayer
realplayer_sp
|
RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malformed RealM…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4974
|
2024-11-21 10:56 |
2013-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287923
|
- |
|
realnetworks
|
realplayer
realplayer_sp
|
Stack-based buffer overflow in RealNetworks RealPlayer before 16.0.3.51, and RealPlayer SP 1.0 through 1.1.5, allows remote attackers to execute arbitrary code via a crafted .rmp file.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4973
|
2024-11-21 10:56 |
2013-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287924
|
- |
|
janrain
|
php-openid
|
Auth/Yadis/XML.php in PHP OpenID Library 2.2.2 and earlier allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consum…
|
NVD-CWE-noinfo
|
CVE-2013-4701
|
2024-11-21 10:56 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287925
|
- |
|
yahoo
|
japan_shopping
|
The Yahoo! Japan Shopping application 1.4 and earlier for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive i…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4700
|
2024-11-21 10:56 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287926
|
- |
|
yahoo
|
yafuoku\!
|
The Yahoo! Japan Yafuoku! application 4.3.0 and earlier for iOS and Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain s…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4699
|
2024-11-21 10:56 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287927
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 allows remote attackers to obtain the database password via vectors related to how the password is "seeded as a console parameter," External Node Classifiers, and the l…
|
CWE-255
Credentials Management
|
CVE-2013-4967
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287928
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmiss…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4964
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287929
|
- |
|
puppet
|
puppet_enterprise
|
The reset password page in Puppet Enterprise before 3.0.1 does not force entry of the current password, which allows attackers to modify user passwords by leveraging session hijacking, an unattended …
|
CWE-255
Credentials Management
|
CVE-2013-4962
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287930
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 includes version information for the Apache and Phusion Passenger products in its HTTP response headers, which allows remote attackers to obtain sensitive information.
|
CWE-200
Information Exposure
|
CVE-2013-4961
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
