245251
|
4.0 |
MEDIUM
|
siemens
|
simatic_pcs7 wincc
|
The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the use…
|
CWE-200
Information disclosure
|
CVE-2013-3959
|
2013-06-17 13:00 |
2013-06-15 |
|
245252
|
4.3 |
MEDIUM
|
orchardproject
|
orchard
|
Cross-site scripting (XSS) vulnerability in the Orchard.Comments module in Orchard before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site scripting (XSS)
|
CVE-2013-3645
|
2013-06-15 00:12 |
2013-06-14 |
|
245253
|
5.0 |
MEDIUM
|
hp
|
insight_diagnostics
|
hpdiags/frontend2/help/pageview.php in HP Insight Diagnostics 9.4.0.4710 does not properly restrict PHP include or require statements, which allows remote attackers to include arbitrary hpdiags/front…
|
CWE-20
Improper input validation
|
CVE-2013-3575
|
2013-06-15 00:00 |
2013-06-14 |
|
245254
|
7.8 |
HIGH
|
hp
|
insight_diagnostics
|
Absolute path traversal vulnerability in hpdiags/frontend2/commands/saveCompareConfig.php in HP Insight Diagnostics 9.4.0.4710 allows remote attackers to write data to arbitrary files via a full path…
|
CWE-20
Improper input validation
|
CVE-2013-3574
|
2013-06-14 23:59 |
2013-06-14 |
|
245255
|
4.3 |
MEDIUM
|
cisco
|
video_surveillance_operations_manager
|
Open redirect vulnerability in the help page in Cisco Video Surveillance Operations Manager allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a crafted…
|
CWE-20
Improper input validation
|
CVE-2013-3376
|
2013-06-14 22:18 |
2013-06-14 |
|
245256
|
4.3 |
MEDIUM
|
cisco
|
prime_central_for_hosted_collaboration_solution
|
Cross-site scripting (XSS) vulnerability in the portal page in Cisco Prime Central for Hosted Collaboration Solution allows remote attackers to inject arbitrary web script or HTML via a crafted URL, …
|
CWE-79
Cross-site scripting (XSS)
|
CVE-2013-3375
|
2013-06-14 22:10 |
2013-06-14 |
|
245257
|
10.0 |
HIGH
|
hp
|
insight_diagnostics
|
HP Insight Diagnostics 9.4.0.4710 allows remote attackers to conduct unspecified injection attacks via unknown vectors.
|
CWE-20
Improper input validation
|
CVE-2013-3573
|
2013-06-14 22:07 |
2013-06-14 |
|
245258
|
4.3 |
MEDIUM
|
juniper
|
junos_pulse_secure_access_service junos_pulse_access_control_service
|
Juniper Junos Pulse Secure Access Service (aka SSL VPN) with IVE OS 7.0r2 through 7.0r8 and 7.1r1 through 7.1r5 and Junos Pulse Access Control Service (aka UAC) with UAC OS 4.1r1 through 4.1r5 includ…
|
CWE-310
Cryptographic issues
|
CVE-2013-3970
|
2013-06-14 02:47 |
2013-06-14 |
|
245259
|
5.0 |
MEDIUM
|
cisco
|
hosted_collaboration_solution
|
Cisco Hosted Collaboration Mediation allows remote attackers to cause a denial of service (CPU consumption) via a flood of malformed UDP packets on port 162, aka Bug ID CSCug85756.
|
CWE-399
Resource management errors
|
CVE-2013-3381
|
2013-06-12 13:00 |
2013-06-12 |
|
245260
|
5.8 |
MEDIUM
|
cisco
|
nx-os nexus_1000v
|
The SSL functionality in Cisco NX-OS on the Nexus 1000V does not properly verify X.509 certificates, which allows man-in-the-middle attackers to spoof servers, and intercept or modify Virtual Supervi…
|
CWE-310
Cryptographic issues
|
CVE-2013-1212
|
2013-06-11 13:00 |
2013-05-30 |
|
245261
|
4.3 |
MEDIUM
|
filemaker
|
filemaker_pro filemaker_pro_advanced
|
Cross-site scripting (XSS) vulnerability in the Instant Web Publish function in FileMaker Pro before 12 and Pro Advanced before 12 allows remote attackers to inject arbitrary web script or HTML via u…
|
CWE-79
Cross-site scripting (XSS)
|
CVE-2013-3640
|
2013-06-11 13:00 |
2013-06-11 |
|
245262
|
4.0 |
MEDIUM
|
linux
|
linux_kernel
|
The kvm_vm_ioctl_assign_device function in virt/kvm/assigned-dev.c in the KVM subsystem in the Linux kernel before 3.1.10 does not verify permission to access PCI configuration space and BAR resource…
|
CWE-264
Permissions, privileges, and access control
|
CVE-2011-4347
|
2013-06-11 02:30 |
2013-06-8 |
|
245263
|
6.8 |
MEDIUM
|
qnap
|
viostor_network_video_recorder
|
Cross-site request forgery (CSRF) vulnerability in cgi-bin/create_user.cgi on QNAP VioStor NVR devices with firmware 4.0.3 allows remote attackers to hijack the authentication of administrators for r…
|
CWE-352
Same-origin policy violation
|
CVE-2013-0144
|
2013-06-10 22:19 |
2013-06-8 |
|
245264
|
5.0 |
MEDIUM
|
qnap
|
viostor_network_video_recorder surveillance_station_pro nas
|
QNAP VioStor NVR devices with firmware 4.0.3, and the Surveillance Station Pro component in QNAP NAS, have a hardcoded guest account, which allows remote attackers to obtain web-server login access v…
|
CWE-255
Credentials management
|
CVE-2013-0142
|
2013-06-10 13:00 |
2013-06-8 |
|
245265
|
6.5 |
MEDIUM
|
qnap
|
viostor_network_video_recorder surveillance_station_pro nas
|
cgi-bin/pingping.cgi on QNAP VioStor NVR devices with firmware 4.0.3, and in the Surveillance Station Pro component in QNAP NAS, allows remote authenticated users to execute arbitrary commands by lev…
|
CWE-94
Code injection
|
CVE-2013-0143
|
2013-06-10 13:00 |
2013-06-8 |
|
245266
|
2.1 |
LOW
|
rsa
|
authentication_manager
|
EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a (1) log file or (2) c…
|
CWE-255
Credentials management
|
CVE-2013-0947
|
2013-06-10 13:00 |
2013-06-8 |
|
245267
|
2.6 |
LOW
|
jig
|
movatwitouch movatwitouch_paid
|
The Content Provider in the MovatwiTouch application before 1.793 and MovatwiTouch Paid application before 1.793 for Android does not properly restrict access to authorization information, which allo…
|
CWE-264
Permissions, privileges, and access control
|
CVE-2013-2318
|
2013-06-7 13:00 |
2013-06-6 |
|
245268
|
4.3 |
MEDIUM
|
cisco
|
webex_meetings_server
|
The Event Center module in Cisco WebEx Meetings Server does not perform request authentication in all intended circumstances, which allows remote attackers to discover host keys and event passwords v…
|
CWE-287
Improper authentication
|
CVE-2013-1205
|
2013-06-6 23:34 |
2013-06-6 |
|
245269
|
2.1 |
LOW
|
apple
|
mac_os_x
|
The fill_pipeinfo function in bsd/kern/sys_pipe.c in the XNU kernel in Apple Mac OS X 10.8.x allows local users to defeat the KASLR protection mechanism via the PROC_PIDFDPIPEINFO option to the proc_…
|
CWE-264
Permissions, privileges, and access control
|
CVE-2013-3952
|
2013-06-6 13:00 |
2013-06-5 |
|
245270
|
2.1 |
LOW
|
apple
|
mac_os_x mac_os_x_server
|
Apple Mac OS X before 10.7.5 and 10.8.x before 10.8.2 allows local users to read passwords entered into Login Window (aka LoginWindow) or Screen Saver Unlock by installing an input method that interc…
|
CWE-200
Information disclosure
|
CVE-2012-3718
|
2013-06-6 13:00 |
2012-09-21 |
|
245271
|
4.9 |
MEDIUM
|
microsoft
|
windows_7 windows_8 windows_rt windows_server_2003 windows_server_2008 windows_server_2012 windows_vista windows_xp
|
The EPATHOBJ::bFlatten function in win32k.sys in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Se…
|
CWE-22
Path traversal
|
CVE-2013-3661
|
2013-06-6 12:26 |
2013-05-25 |
|
245272
|
2.6 |
LOW
|
openssl
|
openssl
|
The elliptic curve cryptography (ECC) subsystem in OpenSSL 1.0.0d and earlier, when the Elliptic Curve Digital Signature Algorithm (ECDSA) is used for the ECDHE_ECDSA cipher suite, does not properly …
|
CWE-310
Cryptographic issues
|
CVE-2011-1945
|
2013-06-6 12:10 |
2011-06-1 |
|
245273
|
6.8 |
MEDIUM
|
apple
|
safari
|
WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…
|
CWE-119
Buffer errors
|
CVE-2013-1009
|
2013-06-6 01:55 |
2013-06-5 |
|
245274
|
9.3 |
HIGH
|
apple
|
mac_os_x mac_os_x_server
|
Directory Service in Apple Mac OS X through 10.6.8 allows remote attackers to execute arbitrary code or cause a denial of service (daemon crash) via a crafted message.
|
CWE-119
Buffer errors
|
CVE-2013-0984
|
2013-06-6 01:11 |
2013-06-5 |
|
245275
|
1.7 |
LOW
|
apple
|
mac_os_x mac_os_x_server
|
The Private Browsing feature in CFNetwork in Apple Mac OS X before 10.8.4 does not prevent storage of permanent cookies upon exit from Safari, which might allow physically proximate attackers to bypa…
|
CWE-200
Information disclosure
|
CVE-2013-0982
|
2013-06-6 00:13 |
2013-06-5 |
|
245276
|
6.8 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
Buffer overflow in QuickDraw Manager in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted PICT image.
|
CWE-119
Buffer errors
|
CVE-2013-0975
|
2013-06-5 23:39 |
2013-06-5 |
|
245277
|
6.8 |
MEDIUM
|
apple
|
mac_os_x
|
Stack consumption vulnerability in CoreAnimation in Apple Mac OS X before 10.8.4 allows remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted text …
|
CWE-119
Buffer errors
|
CVE-2013-0983
|
2013-06-5 23:39 |
2013-06-5 |
|
245278
|
2.1 |
LOW
|
apple
|
mac_os_x
|
Disk Management in Apple Mac OS X before 10.8.4 does not properly authenticate attempts to disable FileVault, which allows local users to cause a denial of service (loss of encryption functionality) …
|
CWE-287
Improper authentication
|
CVE-2013-0985
|
2013-06-5 23:39 |
2013-06-5 |
|
245279
|
4.9 |
MEDIUM
|
apple
|
mac_os_x mac_os_x_server
|
SMB in Apple Mac OS X before 10.8.4, when file sharing is enabled, allows remote authenticated users to create or modify files outside of a shared directory via unspecified vectors.
|
CWE-264
Permissions, privileges, and access control
|
CVE-2013-0990
|
2013-06-5 23:39 |
2013-06-5 |
|
245280
|
4.3 |
MEDIUM
|
apple
|
safari
|
XSS Auditor in WebKit in Apple Safari before 6.0.5 does not properly rewrite URLs, which allows remote attackers to trigger unintended form submissions via unspecified vectors.
|
CWE-20
Improper input validation
|
CVE-2013-1013
|
2013-06-5 23:39 |
2013-06-5 |
|
245281
|
6.8 |
MEDIUM
|
apple
|
safari
|
WebKit, as used in Apple Safari before 6.0.5, allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption and application crash) via a crafted web site, a differ…
|
CWE-119
Buffer errors
|
CVE-2013-1023
|
2013-06-5 23:39 |
2013-06-5 |
|
245282
|
2.1 |
LOW
|
apple
|
mac_os_x
|
The posix_spawn system call in the XNU kernel in Apple Mac OS X 10.8.x does not prevent use of the _POSIX_SPAWN_DISABLE_ASLR and _POSIX_SPAWN_ALLOW_DATA_EXEC flags for setuid and setgid programs, whi…
|
CWE-264
Permissions, privileges, and access control
|
CVE-2013-3949
|
2013-06-5 23:39 |
2013-06-5 |
|
245283
|
6.8 |
MEDIUM
|
apple
|
mac_os_x
|
IOAcceleratorFamily in Apple Mac OS X before 10.8.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted graphics image.
|
CWE-119
Buffer errors
|
CVE-2013-0976
|
2013-06-5 13:00 |
2013-03-16 |
|
245284
|
7.5 |
HIGH
|
typo3
|
typo3
|
SQL injection vulnerability in the Extbase Framework in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to execute arbitrary SQL com…
|
CWE-89
SQL injection
|
CVE-2013-1842
|
2013-06-5 12:42 |
2013-03-21 |
|
245285
|
6.4 |
MEDIUM
|
typo3
|
typo3
|
Open redirect vulnerability in the Access tracking mechanism in TYPO3 4.5.x before 4.5.24, 4.6.x before 4.6.17, 4.7.x before 4.7.9, and 6.0.x before 6.0.3 allows remote attackers to redirect users to…
|
CWE-399
Resource management errors
|
CVE-2013-1843
|
2013-06-5 12:42 |
2013-03-21 |
|
245286
|
10.0 |
HIGH
|
mozilla
|
firefox
|
Unspecified vulnerability in the browser engine in Mozilla Firefox before 20.0 on Android allows remote attackers to cause a denial of service (stack memory corruption and application crash) or possi…
|
NVD-CWE-noinfo
|
CVE-2013-0790
|
2013-06-5 12:41 |
2013-04-3 |
|
245287
|
4.3 |
MEDIUM
|
mozilla
|
firefox
|
Mozilla Firefox before 20.0 on Android uses world-writable and world-readable permissions for the app_tmp installation directory in the local filesystem, which allows attackers to modify add-ons befo…
|
CWE-264
Permissions, privileges, and access control
|
CVE-2013-0798
|
2013-06-5 12:41 |
2013-04-3 |
|
245288
|
6.0 |
MEDIUM
|
openstack canonical
|
essex folsom grizzly ubuntu_linux
|
OpenStack Compute (Nova) Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to gain access to a VM in opportunistic circumstances by using the VNC token for a deleted VM t…
|
CWE-264
Permissions, privileges, and access control
|
CVE-2013-0335
|
2013-06-5 12:40 |
2013-03-23 |
|
245289
|
6.0 |
MEDIUM
|
openstack canonical
|
essex folsom grizzly ubuntu_linux
|
Per http://www.ubuntu.com/usn/USN-1771-1/
"A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.10
Ubuntu 12.04 LTS
Ubuntu 11.10"
|
CWE-264
Permissions, privileges, and access control
|
CVE-2013-0335
|
2013-06-5 12:40 |
2013-03-23 |
|
245290
|
7.5 |
HIGH
|
nagios icinga
|
nagios icinga
|
Multiple stack-based buffer overflows in the get_history function in history.cgi in Nagios Core before 3.4.4, and Icinga 1.6.x before 1.6.2, 1.7.x before 1.7.4, and 1.8.x before 1.8.4, might allow re…
|
CWE-119
Buffer errors
|
CVE-2012-6096
|
2013-06-5 12:40 |
2013-01-23 |
|
245291
|
5.0 |
MEDIUM
|
cisco
|
nx-os nexus_1000v
|
Cisco NX-OS on the Nexus 1000V does not assign the proper priority to heartbeat messages from a Virtual Ethernet Module (VEM) to a Virtual Supervisor Module (VSM), which allows remote attackers to ca…
|
CWE-399
Resource management errors
|
CVE-2013-1213
|
2013-06-4 13:00 |
2013-05-30 |
|
245292
|
4.0 |
MEDIUM
|
lockon
|
ec-cube
|
Session fixation vulnerability in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to hijack web sessions via unspecified vectors.
|
CWE-287
Improper authentication
|
CVE-2013-2313
|
2013-06-4 13:00 |
2013-05-30 |
|
245293
|
4.3 |
MEDIUM
|
lockon
|
ec-cube
|
Cross-site scripting (XSS) vulnerability in the adminAuthorization function in data/class/helper/SC_Helper_Session.php in LOCKON EC-CUBE 2.11.0 through 2.12.3enP2 allows remote attackers to inject ar…
|
CWE-79
Cross-site scripting (XSS)
|
CVE-2013-2314
|
2013-06-4 13:00 |
2013-05-30 |
|
245294
|
5.8 |
MEDIUM
|
yahoo
|
yahoo\!_browser
|
The Yahoo! Browser application 1.4.4 and earlier for Android allows remote attackers to spoof the address bar via vectors related to URL display, a different vulnerability than CVE-2013-2307.
|
NVD-CWE-noinfo
|
CVE-2013-2316
|
2013-06-4 13:00 |
2013-06-4 |
|
245295
|
5.8 |
MEDIUM
|
fenrir-inc
|
sleipnir_mobile
|
The Sleipnir Mobile application 2.9.1 and earlier and Sleipnir Mobile Black Edition application 2.9.1 and earlier for Android allow remote attackers to spoof the address bar via vectors involving the…
|
NVD-CWE-noinfo
|
CVE-2013-2317
|
2013-06-4 13:00 |
2013-06-4 |
|
245296
|
4.3 |
MEDIUM
|
photogallerycreator
|
flash-album-gallery
|
Cross-site scripting (XSS) vulnerability in wp-admin/admin.php in the GRAND FlAGallery plugin before 2.72 for WordPress allows remote attackers to inject arbitrary web script or HTML via the s parame…
|
CWE-79
Cross-site scripting (XSS)
|
CVE-2013-3261
|
2013-06-4 00:30 |
2013-06-1 |
|
245297
|
8.5 |
HIGH
|
mutiny
|
mutiny mutiny_virtual_appliance mutiny_appliance
|
Multiple directory traversal vulnerabilities in the EditDocument servlet in the Frontend in Mutiny before 5.0-1.11 allow remote authenticated users to upload and execute arbitrary programs, read arbi…
|
CWE-22
Path traversal
|
CVE-2013-0136
|
2013-06-3 13:00 |
2013-06-1 |
|
245298
|
6.8 |
MEDIUM
|
cisco
|
telepresence_system_software
|
Cisco TelePresence System Software does not properly handle inactive t-shell sessions, which allows remote authenticated users to cause a denial of service (memory consumption and service outage) by …
|
CWE-399
Resource management errors
|
CVE-2013-1246
|
2013-06-3 13:00 |
2013-06-1 |
|
245299
|
4.3 |
MEDIUM
|
cisco
|
prime_infrastructure
|
Cross-site scripting (XSS) vulnerability in the wireless configuration module in Cisco Prime Infrastructure allows remote attackers to inject arbitrary web script or HTML via an SSID that is not prop…
|
CWE-79
Cross-site scripting (XSS)
|
CVE-2013-1247
|
2013-06-3 13:00 |
2013-06-1 |
|
245300
|
6.5 |
MEDIUM
|
tibco
|
silver_mobile
|
The server in TIBCO Silver Mobile 1.1.0 does not properly verify access to the administrator role before executing a command, which allows authenticated users to gain privileges via unspecified vecto…
|
CWE-264
Permissions, privileges, and access control
|
CVE-2013-3315
|
2013-06-3 13:00 |
2013-06-1 |
|