|
289251
|
- |
|
alienwp
|
hatch
|
Cross-site scripting (XSS) vulnerability in the Hatch theme 7.x-1.x before 7.x-1.4 for Drupal allows remote authenticated users with the "Administer content," "Create new article," or "Edit any artic…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4138
|
2024-11-21 10:54 |
2013-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289252
|
- |
|
openstack
opensuse
|
python_glanceclient
opensuse
|
The Python client library for Glance (python-glanceclient) before 0.10.0 does not properly check the preverify_ok value, which prevents the server hostname from being verified with a domain name in t…
|
CWE-20
Improper Input Validation
|
CVE-2013-4111
|
2024-11-21 10:54 |
2013-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289253
|
- |
|
ibm
|
websphere_extended_deployment_compute_grid
|
IBM WebSphere Extended Deployment Compute Grid 8.0 before 8.0.0.3 allows remote authenticated users to obtain sensitive information, and consequently bypass intended access restrictions on jobs, via …
|
CWE-200
Information Exposure
|
CVE-2013-4039
|
2024-11-21 10:54 |
2013-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289254
|
- |
|
ibm
|
db2_connect
db2
|
IBM DB2 and DB2 Connect 9.7 through FP8, 9.8 through FP5, 10.1 through FP2, and 10.5 through FP1 allow remote authenticated users to execute DML statements by leveraging EXPLAIN authority.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4033
|
2024-11-21 10:54 |
2013-08-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289255
|
- |
|
ibm
|
websphere_application_server
|
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.47, 7.0 before 7.0.0.31, 8.0 before 8.0.0.7, and 8.5 before 8.5.5.1 a…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4005
|
2024-11-21 10:54 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289256
|
- |
|
ibm
|
websphere_application_server
|
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 8.0 before 8.0.0.7 and 8.5 before 8.5.5.1 allows remote authenticated users to inject …
|
CWE-79
Cross-site Scripting
|
CVE-2013-4004
|
2024-11-21 10:54 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289257
|
- |
|
openstack
|
swift
havana
grizzly
folsom
|
OpenStack Swift before 1.9.1 in Folsom, Grizzly, and Havana allows authenticated users to cause a denial of service ("superfluous" tombstone consumption and Swift cluster slowdown) via a DELETE reque…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4155
|
2024-11-21 10:54 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289258
|
- |
|
spice_project
canonical
|
spice
ubuntu_linux
|
The (1) red_channel_pipes_add_type and (2) red_channel_pipes_add_empty_msg functions in server/red_channel.c in SPICE before 0.12.4 do not properly perform ring loops, which might allow remote attack…
|
CWE-399
Resource Management Errors
|
CVE-2013-4130
|
2024-11-21 10:54 |
2013-08-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289259
|
- |
|
ruby-lang
|
ruby
|
The OpenSSL::SSL.verify_certificate_identity function in lib/openssl/ssl.rb in Ruby 1.8 before 1.8.7-p374, 1.9 before 1.9.3-p448, and 2.0 before 2.0.0-p247 does not properly handle a '\0' character i…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4073
|
2024-11-21 10:54 |
2013-08-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289260
|
- |
|
henri_wahl
|
nagstamon
|
The automatic update request in Nagstamont before 0.9.10 uses a cleartext base64 format for transmission of a username and password, which allows remote attackers to obtain sensitive information by s…
|
CWE-255
Credentials Management
|
CVE-2013-4114
|
2024-11-21 10:54 |
2013-08-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
