244251
|
4.3 |
MEDIUM
|
oracle
|
fusion_middleware
|
Per: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
"Please refer to MOS note https://support.oracle.com/epmos/faces/DocumentDisplay?id=1586861.1 for configuration."
|
NVD-CWE-noinfo
|
CVE-2013-5773
|
2013-10-24 12:48 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244252
|
4.3 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0.0 and 11.1.2.1.0 allows remote attackers to affect integrity via unknown vectors related to End…
|
NVD-CWE-noinfo
|
CVE-2013-5798
|
2013-10-24 12:48 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244253
|
7.5 |
HIGH
|
oracle
|
identity_analytics sun_role_manager
|
Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 4.1 and 5.0 allows remote attackers to affect …
|
NVD-CWE-noinfo
|
CVE-2013-5815
|
2013-10-24 12:48 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244254
|
4.3 |
MEDIUM
|
oracle
|
enterprise_manager_plugin_for_database_control enterprise_manager_grid_control enterprise_manager_database_control
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.…
|
NVD-CWE-noinfo
|
CVE-2013-5827
|
2013-10-24 12:48 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244255
|
4.3 |
MEDIUM
|
oracle
|
enterprise_manager_database_control enterprise_manager_grid_control enterprise_manager_plugin_for_database_control
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.…
|
NVD-CWE-noinfo
|
CVE-2013-5828
|
2013-10-24 12:48 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244256
|
4.3 |
MEDIUM
|
oracle
|
enterprise_manager_grid_control enterprise_manager_plugin_for_database_control enterprise_manager_database_control
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.…
|
NVD-CWE-noinfo
|
CVE-2013-3762
|
2013-10-24 12:47 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244257
|
5.0 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 10.1.3.5.0 and 11.1.1.6.0 allows remote attackers to affect confidentiality via unknown vectors related to T…
|
NVD-CWE-noinfo
|
CVE-2013-3828
|
2013-10-24 12:47 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244258
|
5.5 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related t…
|
NVD-CWE-noinfo
|
CVE-2013-3831
|
2013-10-24 12:47 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244259
|
4.3 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 and 11.1.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Authe…
|
NVD-CWE-noinfo
|
CVE-2013-3833
|
2013-10-24 12:47 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244260
|
3.5 |
LOW
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Web Cache component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to ESI/Pa…
|
NVD-CWE-noinfo
|
CVE-2013-3836
|
2013-10-24 12:47 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244261
|
5.1 |
MEDIUM
|
vmware
|
springsource_spring_security
|
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows a…
|
CWE-362
競合状態
|
CVE-2011-2731
|
2013-10-24 12:32 |
2012-12-6 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244262
|
4.0 |
MEDIUM
|
polarssl
|
polarssl
|
The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the sh…
|
CWE-310
暗号の問題
|
CVE-2011-1923
|
2013-10-24 12:31 |
2012-06-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244263
|
5.0 |
MEDIUM
|
perl
|
perl
|
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular…
|
CWE-189
数値処理の問題
|
CVE-2010-1158
|
2013-10-24 12:22 |
2010-04-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244264
|
7.2 |
HIGH
|
larry_wall
|
perl
|
Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build dir…
|
NVD-CWE-Other
|
CVE-2005-4278
|
2013-10-24 10:56 |
2005-12-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244265
|
6.8 |
MEDIUM
|
draytek
|
vigor_2700_router_firmware vigor_2700_router
|
The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during in…
|
CWE-78
OSコマンド・インジェクション
|
CVE-2013-5703
|
2013-10-23 12:22 |
2013-10-23 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244266
|
2.6 |
LOW
|
apple
|
iphone_os
|
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2013-5137
|
2013-10-23 05:04 |
2013-09-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244267
|
7.8 |
HIGH
|
apple
|
iphone_os
|
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
|
CWE-20
不適切な入力確認
|
CVE-2013-5140
|
2013-10-23 04:59 |
2013-09-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244268
|
4.3 |
MEDIUM
|
apple
|
iphone_os
|
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attac…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-5151
|
2013-10-23 04:53 |
2013-09-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244269
|
7.1 |
HIGH
|
apple
|
iphone_os
|
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
|
CWE-20
不適切な入力確認
|
CVE-2013-5155
|
2013-10-23 04:52 |
2013-09-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244270
|
4.3 |
MEDIUM
|
apple
|
iphone_os
|
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a cr…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2013-5156
|
2013-10-23 04:52 |
2013-09-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244271
|
5.0 |
MEDIUM
|
apple
|
iphone_os
|
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2013-5157
|
2013-10-23 04:26 |
2013-09-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244272
|
2.1 |
LOW
|
apple
|
iphone_os
|
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Tw…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2013-5158
|
2013-10-23 04:22 |
2013-09-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244273
|
4.3 |
MEDIUM
|
apple
|
iphone_os
|
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAM…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2013-5159
|
2013-10-23 04:20 |
2013-09-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244274
|
2.1 |
LOW
|
apple
|
iphone_os
|
Springboard in Apple iOS before 7 does not properly manage the lock state in Lost Mode, which allows physically proximate attackers to read notifications via unspecified vectors.
|
CWE-264
認可・権限・アクセス制御
|
CVE-2013-5153
|
2013-10-23 04:07 |
2013-09-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244275
|
6.8 |
MEDIUM
|
cisco
|
virtualization_experience_client_6000 virtualization_experience_client_6000_series_firmware
|
The diagnostic module in the firmware on Cisco Virtualization Experience Client 6000 devices allows local users to bypass intended access restrictions and execute arbitrary commands via unspecified v…
|
CWE-20
不適切な入力確認
|
CVE-2013-5493
|
2013-10-23 03:54 |
2013-09-13 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244276
|
6.3 |
MEDIUM
|
cisco
|
telepresence_multipoint_switch
|
The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot …
|
CWE-399
リソース管理の問題
|
CVE-2013-5516
|
2013-10-23 03:51 |
2013-10-1 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244277
|
4.6 |
MEDIUM
|
cisco
|
unified_computing_system
|
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to cause a denial of service via crafted command parameters that trigger hardware-component write operatio…
|
CWE-20
不適切な入力確認
|
CVE-2013-5550
|
2013-10-23 03:07 |
2013-10-22 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244278
|
5.8 |
MEDIUM
|
cisco
|
unified_computing_system
|
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM virtual-media data, which allows man-in-the-middle attackers to obtain sensitive information by sniffing…
|
CWE-310
暗号の問題
|
CVE-2012-4115
|
2013-10-22 02:18 |
2013-10-21 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244279
|
4.3 |
MEDIUM
|
watchguard
|
fireware watchguard_system_manager
|
Multiple cross-site scripting (XSS) vulnerabilities in WebCenter in WatchGuard WSM and Fireware before 11.8 allow remote attackers to inject arbitrary web script or HTML via unspecified parameters.
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-5702
|
2013-10-22 00:42 |
2013-10-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244280
|
4.0 |
MEDIUM
|
cisco
|
unity_connection
|
Directory traversal vulnerability in the attachment service in the Voice Message Web Service (aka VMWS or Cisco Unity Web Service) in Cisco Unity Connection allows remote authenticated users to creat…
|
CWE-22
パス・トラバーサル
|
CVE-2013-5534
|
2013-10-21 23:43 |
2013-10-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244281
|
6.8 |
MEDIUM
|
iodata
|
hdl2-a\/e hdl2-ah hdl2-a_firmware hdl-a\/e hdl-ah hdl-as hdl-a_firmware
|
I-O DATA DEVICE HDL-A and HDL2-A devices with firmware 1.07 and earlier do not properly manage sessions, which allows remote attackers to obtain sensitive information or modify data via unspecified v…
|
CWE-399
リソース管理の問題
|
CVE-2013-4712
|
2013-10-21 23:31 |
2013-10-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244282
|
5.8 |
MEDIUM
|
cisco
|
unified_computing_system
|
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not properly verify X.509 certificates, which allows man-in-the-middle attackers to watch SSL KVM video-channel traffic …
|
CWE-20
不適切な入力確認
|
CVE-2012-4117
|
2013-10-21 22:51 |
2013-10-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244283
|
4.3 |
MEDIUM
|
cisco
|
unified_computing_system
|
The fabric-interconnect component in Cisco Unified Computing System (UCS) does not encrypt KVM media traffic, which allows remote attackers to obtain sensitive information, and consequently complete …
|
CWE-200
情報漏えい
|
CVE-2012-4116
|
2013-10-21 22:17 |
2013-10-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244284
|
5.8 |
MEDIUM
|
cisco
|
unified_computing_system
|
The fabric-interconnect KVM module in Cisco Unified Computing System (UCS) does not encrypt video data, which allows man-in-the-middle attackers to watch KVM display content by sniffing the network o…
|
CWE-310
暗号の問題
|
CVE-2012-4114
|
2013-10-21 22:16 |
2013-10-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244285
|
4.6 |
MEDIUM
|
cisco
|
unified_computing_system
|
The fabric-interconnect component in Cisco Unified Computing System (UCS) allows local users to gain privileges and read arbitrary files via crafted command parameters within the command-line interfa…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2012-4113
|
2013-10-21 22:04 |
2013-10-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244286
|
6.8 |
MEDIUM
|
cisco
|
unified_computing_system
|
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) allows local users to gain privileges and execute arbitrary commands via crafted command parameters within the comman…
|
CWE-264
認可・権限・アクセス制御
|
CVE-2012-4112
|
2013-10-21 21:45 |
2013-10-19 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244287
|
4.3 |
MEDIUM
|
process-one
|
ejabberd
|
The TLS driver in ejabberd before 2.1.12 supports (1) SSLv2 and (2) weak SSL ciphers, which makes it easier for remote attackers to obtain sensitive information via a brute-force attack.
|
CWE-310
暗号の問題
|
CVE-2013-6169
|
2013-10-19 02:46 |
2013-10-18 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244288
|
6.8 |
MEDIUM
|
cisco
|
unified_meetingplace unified_meetingplace_web_conferencing
|
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Unified MeetingPlace Solution, as used in Unified MeetingPlace Web Conferencing and Unified MeetingPlace, allows remote a…
|
CWE-352
同一生成元ポリシー違反
|
CVE-2013-5494
|
2013-10-18 22:51 |
2013-09-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244289
|
5.5 |
MEDIUM
|
cisco
|
unified_communications_domain_manager
|
SQL injection vulnerability in the web framework in Cisco Unified Communications Domain Manager allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh…
|
CWE-89
SQLインジェクション
|
CVE-2013-5517
|
2013-10-18 04:27 |
2013-10-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244290
|
4.3 |
MEDIUM
|
cisco
|
wireless_lan_controller
|
Cross-site scripting (XSS) vulnerability in the management interface on Cisco Wireless LAN Controller (WLC) devices allows remote attackers to inject arbitrary web script or HTML via a crafted URL, a…
|
CWE-79
クロスサイト・スクリプティング(XSS)
|
CVE-2013-5519
|
2013-10-18 04:19 |
2013-10-3 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244291
|
6.4 |
MEDIUM
|
cisco
|
video_surveillance_4000_ip_camera video_surveillance_4300e_ip_camera video_surveillance_4500e_ip_camera
|
The analytics page on Cisco Video Surveillance 4000 IP cameras has hardcoded credentials, which allows remote attackers to watch the video feed by leveraging knowledge of the password, aka Bug IDs CS…
|
CWE-255
証明書・パスワード管理
|
CVE-2013-5535
|
2013-10-18 04:09 |
2013-10-16 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244292
|
5.0 |
MEDIUM
|
emc
|
atmos
|
EMC Atmos before 2.1.4 has a blank password for the PostgreSQL account, which allows remote attackers to obtain sensitive administrative information via a database-server connection.
|
CWE-255
証明書・パスワード管理
|
CVE-2013-3279
|
2013-10-18 03:30 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244293
|
6.8 |
MEDIUM
|
oracle
|
ilearning
|
Unspecified vulnerability in the Oracle iLearning component in Oracle iLearning 5.2.1 and 6.0 allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate…
|
NVD-CWE-noinfo
|
CVE-2013-5822
|
2013-10-17 23:18 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244294
|
5.0 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle GlassFish Server component in Oracle Fusion Middleware 2.1.1, 3.0.1, and 3.1.2 allows remote attackers to affect availability via unknown vectors related to Me…
|
NVD-CWE-noinfo
|
CVE-2013-5816
|
2013-10-17 23:03 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244295
|
3.5 |
LOW
|
oracle
|
industry_applications
|
Unspecified vulnerability in the Oracle Health Sciences InForm component in Oracle Industry Applications 4.5 SP3, 4.5 SP3a-k, 4.6 SP0, 4.6 SP0a-c, 4.6 SP1, 4.6 SP1a-c, 4.6 SP2, 4.6 SP2a-c, 5.0 SP0, 5…
|
NVD-CWE-noinfo
|
CVE-2013-5811
|
2013-10-17 22:50 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244296
|
4.3 |
MEDIUM
|
oracle
|
supply_chain_products_suite
|
Unspecified vulnerability in the Oracle Agile PLM Framework component in Oracle Supply Chain Products Suite 9.3.2 allows remote attackers to affect integrity via unknown vectors related to Security.
|
NVD-CWE-noinfo
|
CVE-2013-5799
|
2013-10-17 04:15 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244297
|
4.3 |
MEDIUM
|
oracle
|
siebel_crm
|
Unspecified vulnerability in the Siebel Core - EAI component in Oracle Siebel CRM 8.1.1 and 8.2.2 allows remote attackers to affect availability via unknown vectors related to Web Services.
|
NVD-CWE-noinfo
|
CVE-2013-5796
|
2013-10-17 04:00 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244298
|
5.0 |
MEDIUM
|
oracle
|
e-business_suite
|
Unspecified vulnerability in the Techstack component in Oracle E-Business Suite 12.1 allows remote attackers to affect confidentiality via unknown vectors related to Apache.
|
NVD-CWE-noinfo
|
CVE-2013-5792
|
2013-10-17 03:56 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244299
|
6.9 |
MEDIUM
|
oracle
|
sun_system_firmware sparc_t4-1 sparc_t4-1b sparc_t4-4
|
Unspecified vulnerability in Oracle PARC Enterprise T4 Servers running Sun System Firmware before 8.3.0.b allows local users to affect confidentiality, integrity, and availability via vectors related…
|
NVD-CWE-noinfo
|
CVE-2013-5781
|
2013-10-17 03:29 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|
244300
|
4.0 |
MEDIUM
|
oracle
|
peoplesoft_products
|
Unspecified vulnerability in the PeopleSoft Enterprise PeopleTools component in Oracle PeopleSoft Products 8.51, 8.52, and 8.53 allows remote authenticated users to affect confidentiality via vectors…
|
NVD-CWE-noinfo
|
CVE-2013-5779
|
2013-10-17 03:27 |
2013-10-17 |
表示
|
GitHub
Exploit DB
Packet Storm
|
|