|
261191
|
- |
|
invensys
|
wonderware_win-xml_exporter
|
Invensys Wonderware Win-XML Exporter 1522.148.0.0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) vi…
|
CWE-20
Improper Input Validation
|
CVE-2012-4710
|
2013-04-5 02:50 |
2013-04-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261192
|
- |
|
schneider-electric
|
modicon_m340
|
The Schneider Electric M340 BMXNOE01xx and BMXP3420xx PLC modules allow remote authenticated users to cause a denial of service (module crash) via crafted FTP traffic, as demonstrated by the FileZill…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-2761
|
2013-04-4 22:56 |
2013-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261193
|
- |
|
schneider-electric
|
modicon_quantum_plc
modicon_m340
modicon_premium
|
The FactoryCast service on the Schneider Electric Quantum 140NOE77111 and 140NWM10000, M340 BMXNOE0110x, and Premium TSXETY5103 PLC modules allows remote authenticated users to send Modbus messages, …
|
NVD-CWE-noinfo
|
CVE-2013-0664
|
2013-04-4 22:43 |
2013-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261194
|
- |
|
schneider-electric
|
magelis_xbt_hmi
|
The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions…
|
CWE-255
CWE-352
Credentials Management
Origin Validation Error
|
CVE-2013-2762
|
2013-04-4 20:58 |
2013-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261195
|
- |
|
joe_haskins
|
og_manager_change
|
Cross-site scripting (XSS) vulnerability in the Manager Change for Organic Groups (og_manager_change) module 7.x-2.x before 7.x-2.1 for Drupal might allow remote attackers to inject arbitrary web scr…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0317
|
2013-04-4 13:00 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261196
|
- |
|
yandex.metrics_project
|
yandex_metrics
|
Cross-site scripting (XSS) vulnerability in the Yandex.Metrics module 6.x-1.x before 6.x-1.6 and 7.x-1.x before 7.x-1.5 for Drupal allows remote attackers to inject arbitrary web script or HTML via v…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0319
|
2013-04-4 13:00 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261197
|
- |
|
display_suite_project
|
ds
|
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via th…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0323
|
2013-04-4 13:00 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261198
|
- |
|
tomasbarej
|
menu_reference
|
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus an…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0324
|
2013-04-4 13:00 |
2013-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261199
|
- |
|
katello
|
katello
katello-configure
|
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6116
|
2013-04-4 12:21 |
2013-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261200
|
- |
|
emc
|
smarts_network_configuration_manager
|
EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vector…
|
CWE-287
Improper Authentication
|
CVE-2013-0935
|
2013-04-3 13:00 |
2013-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
