261151
|
- |
|
advantech indusoft
|
advantech_studio web_studio
|
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in…
|
CWE-22
Path Traversal
|
CVE-2013-1627
|
2013-03-18 13:00 |
2013-03-12 |
|
261152
|
- |
|
tibco
|
spotfire_statistics_services
|
The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via a…
|
CWE-200
Information Exposure
|
CVE-2013-2371
|
2013-03-18 13:00 |
2013-03-16 |
|
261153
|
- |
|
tibco
|
spotfire_web_player
|
The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2373
|
2013-03-18 13:00 |
2013-03-16 |
|
261154
|
- |
|
spreecommerce
|
spree
|
app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to as…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2506
|
2013-03-18 13:00 |
2013-03-09 |
|
261155
|
- |
|
eucalyptus
|
eucalyptus
|
The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots.
|
CWE-287
Improper Authentication
|
CVE-2012-4066
|
2013-03-18 13:00 |
2013-03-09 |
|
261156
|
- |
|
360systems
|
image_server_2000 image_server_maxx maxx
|
360 Systems Maxx, Image Server Maxx, and Image Server 2000 have a hardcoded password for the root account, which makes it easier for remote attackers to execute arbitrary code, or modify video conten…
|
CWE-255
Credentials Management
|
CVE-2012-4702
|
2013-03-18 13:00 |
2013-03-12 |
|
261157
|
- |
|
emerson
|
deltav_se3006_sd_plus_controller deltav_ve3005_controller_md deltav_ve3006_controller_md_plus
|
The Emerson DeltaV SE3006 through 11.3.1, DeltaV VE3005 through 10.3.1 and 11.x through 11.3.1, and DeltaV VE3006 through 10.3.1 and 11.x through 11.3.1 allow remote attackers to cause a denial of se…
|
CWE-399
Resource Management Errors
|
CVE-2012-4703
|
2013-03-18 13:00 |
2013-03-12 |
|
261158
|
- |
|
inkscape
|
inkscape
|
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkscape to process unintended files, allow local users to obtain sensitive information, and poss…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6076
|
2013-03-18 13:00 |
2013-03-13 |
|
261159
|
- |
|
redhat
|
cloudforms_cloud_engine
|
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to re…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6117
|
2013-03-18 13:00 |
2013-03-13 |
|
261160
|
- |
|
redhat
|
aeolus_conductor
|
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6118
|
2013-03-18 13:00 |
2013-03-13 |
|