|
260721
|
- |
|
cisco
|
ios
1921_integrated_services_router
1941_integrated_services_router
1941w_integrated_services_router
2901_integrated_services_router
2911_integrated_services_router
2921_integrated_…
|
The ISM module in Cisco IOS on ISR G2 routers does not properly handle authentication-header packets, which allows remote authenticated users to cause a denial of service (module reload) via a series…
|
CWE-287
Improper Authentication
|
CVE-2013-1241
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260722
|
- |
|
gwos
|
groundwork_monitor
|
The Foundation webapp admin interface in GroundWork Monitor Enterprise 6.7.0 uses the nagios account as the owner of writable files under /usr/local/groundwork, which allows context-dependent attacke…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3500
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260723
|
- |
|
gwos
|
groundwork_monitor
|
Multiple cross-site scripting (XSS) vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote attackers to inject arbitrary web script or HTML via vectors related to (1) the foundation-weba…
|
CWE-79
Cross-site Scripting
|
CVE-2013-3501
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260724
|
- |
|
gwos
|
groundwork_monitor
|
The Profile Importer feature in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to read arbitrary files via an XML document containing an…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3503
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260725
|
- |
|
gwos
|
groundwork_monitor
|
Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to overwrite arbitrary files by leveraging access to…
|
CWE-22
Path Traversal
|
CVE-2013-3504
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260726
|
- |
|
gwos
|
groundwork_monitor
|
cgi-bin/performance/perfchart.cgi in the Performance component in GroundWork Monitor Enterprise 6.7.0 does not properly restrict XML content, which allows remote attackers to execute arbitrary comman…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3506
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260727
|
- |
|
gwos
|
groundwork_monitor
|
The NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to obtain sensitive information via a direct request for (1) a configuration file, (2) a database dump, or …
|
CWE-200
Information Exposure
|
CVE-2013-3507
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260728
|
- |
|
gwos
|
groundwork_monitor
|
html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors invo…
|
CWE-94
Code Injection
|
CVE-2013-3508
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260729
|
- |
|
gwos
|
groundwork_monitor
|
html/System-NeDi.php in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the scan functionality in…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3509
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260730
|
- |
|
gwos
|
groundwork_monitor
|
Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Dev…
|
CWE-89
SQL Injection
|
CVE-2013-3510
|
2013-05-8 21:09 |
2013-05-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
