|
287931
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 uses HTTP responses that contain sensitive information without the "no-cache" setting, which might allow local users to obtain sensitive information such as (1) host na…
|
CWE-200
Information Exposure
|
CVE-2013-4959
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287932
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 does not use a session timeout, which makes it easier for attackers to gain privileges by leveraging an unattended workstation.
|
CWE-287
Improper Authentication
|
CVE-2013-4958
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287933
|
- |
|
puppetlabs
puppet
|
puppet
puppet_enterprise
|
Puppet Module Tool (PMT), as used in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, installs modules with weak permissions if thos…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4956
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287934
|
- |
|
puppet
|
puppet_enterprise
|
Open redirect vulnerability in the login page in Puppet Enterprise before 3.0.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the service …
|
CWE-20
Improper Input Validation
|
CVE-2013-4955
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287935
|
- |
|
puppet
|
puppet_enterprise
|
Puppet Enterprise before 3.0.1 does not sufficiently invalidate a session when a user logs out, which might allow remote attackers to hijack sessions by obtaining an old session ID.
|
CWE-20
Improper Input Validation
|
CVE-2013-4762
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287936
|
- |
|
puppetlabs
puppet
|
puppet
puppet_enterprise
|
Unspecified vulnerability in Puppet 2.7.x before 2.7.23 and 3.2.x before 3.2.4, and Puppet Enterprise 2.8.x before 2.8.3 and 3.0.x before 3.0.1, allows remote attackers to execute arbitrary Ruby prog…
|
NVD-CWE-noinfo
|
CVE-2013-4761
|
2024-11-21 10:56 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287937
|
- |
|
opensuse
phpmyadmin
|
opensuse
phpmyadmin
|
phpMyAdmin 3.5.x and 4.0.x before 4.0.5 allows remote attackers to bypass the clickjacking protection mechanism via certain vectors related to Header.class.php.
|
CWE-20
Improper Input Validation
|
CVE-2013-5029
|
2024-11-21 10:56 |
2013-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287938
|
- |
|
winscp
debian
opensuse
putty
simon_tatham
|
winscp
debian_linux
opensuse
putty
|
Integer overflow in PuTTY 0.62 and earlier, WinSCP before 5.1.6, and other products that use PuTTY allows remote SSH servers to cause a denial of service (crash) and possibly execute arbitrary code i…
|
CWE-189
Numeric Errors
|
CVE-2013-4852
|
2024-11-21 10:56 |
2013-08-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287939
|
- |
|
bigtreecms
|
bigtree_cms
|
Cross-site request forgery (CSRF) vulnerability in core/admin/modules/users/create.php in BigTree CMS 4.0 RC2 and earlier allows remote attackers to hijack the authentication of administrators for re…
|
CWE-352
Origin Validation Error
|
CVE-2013-4881
|
2024-11-21 10:56 |
2013-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287940
|
- |
|
hp
|
service_manager
service_center
|
Unspecified vulnerability in HP Service Manager 7.11, 9.21, 9.30, and 9.31 and Service Center 6.2.8 allows remote attackers to obtain privileged access via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2013-4808
|
2024-11-21 10:56 |
2013-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
