|
259921
|
- |
|
menalto
|
gallery
|
modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2241
|
2013-10-11 05:26 |
2013-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259922
|
- |
|
cartpauj
|
mingle-forum
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators f…
|
CWE-352
Origin Validation Error
|
CVE-2013-0736
|
2013-10-11 05:23 |
2013-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259923
|
- |
|
eucalyptus
|
eucalyptus
|
Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2013-4767
|
2013-10-11 05:12 |
2013-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259924
|
- |
|
symantec
|
management_platform
|
The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across d…
|
CWE-200
Information Exposure
|
CVE-2013-5008
|
2013-10-11 05:10 |
2013-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259925
|
- |
|
phusion
|
passenger
|
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a…
|
CWE-59
Link Following
|
CVE-2013-4136
|
2013-10-11 04:09 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259926
|
- |
|
joachim_noreiko
|
flag_module
|
Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to in…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5964
|
2013-10-11 03:56 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259927
|
- |
|
ibm
|
sterling_b2b_integrator
sterling_file_gateway
|
Multiple cross-site scripting (XSS) vulnerabilities in IBM Sterling B2B Integrator 5.2.4 and Sterling File Gateway allow remote attackers to inject arbitrary web script or HTML via unspecified vector…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0455
|
2013-10-11 03:33 |
2013-07-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259928
|
- |
|
google
|
android
|
diagchar_core.c in the Qualcomm Innovation Center (QuIC) Diagnostics (aka DIAG) kernel-mode driver for Android 2.3 through 4.2 allows attackers to execute arbitrary code or cause a denial of service …
|
NVD-CWE-noinfo
|
CVE-2012-4220
|
2013-10-11 03:28 |
2012-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259929
|
- |
|
digium
|
asterisk_business_edition
asterisk
asteriske
certified_asterisk
|
channels/chan_sip.c in Asterisk Open Source 1.8.x before 1.8.13.1 and 10.x before 10.5.2, Asterisk Business Edition C.3.x before C.3.7.5, Certified Asterisk 1.8.11-certx before 1.8.11-cert4, and Aste…
|
CWE-399
Resource Management Errors
|
CVE-2012-3863
|
2013-10-11 03:24 |
2012-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259930
|
- |
|
cisco
|
prime_central_for_hosted_collaboration_solution
|
The portal in Cisco Prime Central for Hosted Collaboration Solution (HCS) places cleartext credentials in temporary files, which allows local users to obtain sensitive information by leveraging weak …
|
CWE-255
Credentials Management
|
CVE-2013-3409
|
2013-10-11 03:21 |
2013-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
