|
295381
|
- |
|
wordpress
|
wordpress
|
WordPress before 3.5.2, when the uploads directory forbids write access, allows remote attackers to obtain sensitive information via an invalid upload request, which reveals the absolute path in an X…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2203
|
2024-11-21 10:51 |
2013-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295382
|
- |
|
wordpress
|
wordpress
|
WordPress before 3.5.2 allows remote attackers to read arbitrary files via an oEmbed XML provider response containing an external entity declaration in conjunction with an entity reference, related t…
|
CWE-200
Information Exposure
|
CVE-2013-2202
|
2024-11-21 10:51 |
2013-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295383
|
- |
|
wordpress
|
wordpress
|
Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 3.5.2 allow remote attackers to inject arbitrary web script or HTML via vectors involving (1) uploads of media files, (2) editi…
|
CWE-79
Cross-site Scripting
|
CVE-2013-2201
|
2024-11-21 10:51 |
2013-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295384
|
- |
|
wordpress
|
wordpress
|
WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspeci…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2200
|
2024-11-21 10:51 |
2013-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295385
|
- |
|
wordpress
|
wordpress
|
The HTTP API in WordPress before 3.5.2 allows remote attackers to send HTTP requests to intranet servers via unspecified vectors, related to a Server-Side Request Forgery (SSRF) issue, a similar vuln…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2199
|
2024-11-21 10:51 |
2013-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295386
|
- |
|
hp
|
procurve_switch
h3c_switch
h3c_ethernet_switch
h3c_router
3com_router
procurve_router
3com_switch
h3c_routing_switch
h3c_processing_module
h3c_high_performance_main_process…
|
Unspecified vulnerability on the HP ProCurve JC###A, JC###B, JD###A, JD###B, JE###A, JF###A, JF###B, JF###C, JG###A, 658250-B21, and 658247-B21; HP 3COM routers and switches; and HP H3C routers and s…
|
NVD-CWE-noinfo
|
CVE-2013-2341
|
2024-11-21 10:51 |
2013-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295387
|
- |
|
linux
|
linux_kernel
|
The key_notify_policy_flush function in net/key/af_key.c in the Linux kernel before 3.9 does not initialize a certain structure member, which allows local users to obtain sensitive information from k…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-2237
|
2024-11-21 10:51 |
2013-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295388
|
- |
|
linux
|
linux_kernel
|
The (1) key_notify_sa_flush and (2) key_notify_policy_flush functions in net/key/af_key.c in the Linux kernel before 3.10 do not initialize certain structure members, which allows local users to obta…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-2234
|
2024-11-21 10:51 |
2013-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295389
|
- |
|
linux
|
linux_kernel
|
The ip6_sk_dst_check function in net/ipv6/ip6_output.c in the Linux kernel before 3.10 allows local users to cause a denial of service (system crash) by using an AF_INET6 socket for a connection to a…
|
CWE-20
Improper Input Validation
|
CVE-2013-2232
|
2024-11-21 10:51 |
2013-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295390
|
- |
|
redhat
|
enterprise_linux
|
A certain Red Hat patch for the Linux kernel 2.6.32 on Red Hat Enterprise Linux (RHEL) 6 allows local users to cause a denial of service (invalid free operation and system crash) or possibly gain pri…
|
NVD-CWE-Other
|
CVE-2013-2224
|
2024-11-21 10:51 |
2013-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
