|
288501
|
- |
|
openstack
|
heat
|
The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance us…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6426
|
2024-11-21 10:59 |
2013-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288502
|
- |
|
openttd
|
openttd
|
The HandleCrashedAircraft function in aircraft_cmd.cpp in OpenTTD 0.3.6 through 1.3.2 allows remote attackers to cause a denial of service (out-of-bounds read and crash) by crashing an aircraft outsi…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-6411
|
2024-11-21 10:59 |
2013-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288503
|
- |
|
openstack
canonical
redhat
|
keystone
ubuntu_linux
openstack
|
The ec2tokens API in OpenStack Identity (Keystone) before Havana 2013.2.1 and Icehouse before icehouse-2 does not return a trust-scoped token when one is received, which allows remote trust users to …
|
CWE-269
Improper Privilege Management
|
CVE-2013-6391
|
2024-11-21 10:59 |
2013-12-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288504
|
- |
|
philippe_jounin
|
tftpd32
|
Format string vulnerability in the client in Tftpd32 before 4.50 allows remote servers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in the Remo…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2013-6809
|
2024-11-21 10:59 |
2013-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288505
|
- |
|
xen
|
xen
|
Xen 4.2.x and 4.3.x, when using Intel VT-d and a PCI device has been assigned, does not clear the flag that suppresses IOMMU TLB flushes when unspecified errors occur, which causes the TLB entries to…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6400
|
2024-11-21 10:59 |
2013-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288506
|
- |
|
munin-monitoring
|
munin
|
Munin::Master::Node in Munin before 2.0.18 allows remote attackers to cause a denial of service (abort data collection for node) via a plugin that uses "multigraph" as a multigraph service name.
|
CWE-20
Improper Input Validation
|
CVE-2013-6359
|
2024-11-21 10:59 |
2013-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288507
|
- |
|
percona
opensuse
|
xtrabackup
opensuse
|
Percona XtraBackup before 2.1.6 uses a constant string for the initialization vector (IV), which makes it easier for local users to defeat cryptographic protection mechanisms and conduct plaintext at…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6394
|
2024-11-21 10:59 |
2013-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288508
|
- |
|
instantsoft
|
instantcms
|
SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].
|
CWE-89
SQL Injection
|
CVE-2013-6839
|
2024-11-21 10:59 |
2013-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288509
|
- |
|
projectsprouts
|
sprout
|
The unpack_zip function in archive_unpacker.rb in the sprout gem 0.7.246 for Ruby allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a (1) filename or (2) pa…
|
CWE-94
Code Injection
|
CVE-2013-6421
|
2024-11-21 10:59 |
2013-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288510
|
- |
|
emc
|
connectrix_manager
|
The server in Brocade Network Advisor before 12.1.0, as used in EMC Connectrix Manager Converged Network Edition (CMCNE), HP B-series SAN Network Advisor, and possibly other products, allows remote a…
|
CWE-94
Code Injection
|
CVE-2013-6810
|
2024-11-21 10:59 |
2013-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
