|
287441
|
- |
|
hp
|
linux_imaging_and_printing_project
|
upgrade.py in the hp-upgrade service in HP Linux Imaging and Printing (HPLIP) 3.x through 3.13.11 launches a program from an http URL, which allows man-in-the-middle attackers to execute arbitrary co…
|
CWE-94
Code Injection
|
CVE-2013-6427
|
2024-11-21 10:59 |
2013-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287442
|
- |
|
quassel-irc
|
quassel_irc
|
Quassel core (server daemon) in Quassel IRC before 0.9.2 does not properly verify the user ID when accessing user backlogs, which allows remote authenticated users to read other users' backlogs via t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6404
|
2024-11-21 10:59 |
2013-12-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287443
|
- |
|
drupal
|
drupal
|
Open redirect vulnerability in the Overlay module in Drupal 7.x before 7.24 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2013-6389
|
2024-11-21 10:59 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287444
|
- |
|
drupal
|
drupal
|
Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass in…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6386
|
2024-11-21 10:59 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287445
|
- |
|
drupal
|
drupal
|
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote att…
|
CWE-94
Code Injection
|
CVE-2013-6385
|
2024-11-21 10:59 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287446
|
- |
|
wouter_verhelst
debian
canonical
|
nbd
debian_linux
ubuntu_linux
|
nbd-server in Network Block Device (nbd) before 3.5 does not properly check IP addresses, which might allow remote attackers to bypass intended access restrictions via an IP address that has a partia…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6410
|
2024-11-21 10:59 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287447
|
- |
|
debian
|
adequate
|
Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6409
|
2024-11-21 10:59 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287448
|
- |
|
apache
|
solr
|
The DocumentAnalysisRequestHandler in Apache Solr before 4.3.1 does not properly use the EmptyEntityResolver, which allows remote attackers to have an unspecified impact via XML data containing an ex…
|
NVD-CWE-noinfo
|
CVE-2013-6408
|
2024-11-21 10:59 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287449
|
- |
|
apache
|
solr
|
The UpdateRequestHandler for XML in Apache Solr before 4.1 allows remote attackers to have an unspecified impact via XML data containing an external entity declaration in conjunction with an entity r…
|
NVD-CWE-noinfo
|
CVE-2013-6407
|
2024-11-21 10:59 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287450
|
- |
|
apache
|
solr
|
Directory traversal vulnerability in SolrResourceLoader in Apache Solr before 4.6 allows remote attackers to read arbitrary files via a .. (dot dot) or full pathname in the tr parameter to solr/selec…
|
CWE-22
Path Traversal
|
CVE-2013-6397
|
2024-11-21 10:59 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
