259001
|
- |
|
zabbix
|
zabbix
|
Zabbix before 1.8.19rc1, 2.0 before 2.0.10rc1, and 2.2 before 2.2.1rc1 allows remote Zabbix servers and proxies to execute arbitrary commands via a newline in a flexible user parameter.
|
CWE-94
Code Injection
|
CVE-2013-6824
|
2014-03-6 13:49 |
2013-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259002
|
- |
|
apple canonical
|
cups ubuntu_linux
|
lppasswd in CUPS before 1.7.1, when running with setuid privileges, allows local users to read portions of arbitrary files via a modified HOME environment variable and a symlink attack involving .cup…
|
CWE-59
Link Following
|
CVE-2013-6891
|
2014-03-6 13:49 |
2014-01-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259003
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The peerAddresses API in the Belkin WeMo Home Automation firmware before 3949 allows remote attackers to read arbitrary files via an XML document containing an external entity declaration in conjunct…
|
CWE-94
Code Injection
|
CVE-2013-6948
|
2014-03-6 13:49 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259004
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The Belkin WeMo Home Automation firmware before 3949 does not properly use the STUN and TURN protocols, which allows remote attackers to hijack connections and possibly have unspecified other impact …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6949
|
2014-03-6 13:49 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259005
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The Belkin WeMo Home Automation firmware before 3949 does not use SSL for the distribution feed, which allows man-in-the-middle attackers to install arbitrary firmware by spoofing a distribution serv…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6950
|
2014-03-6 13:49 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259006
|
- |
|
belkin
|
wemo_home_automation_firmware
|
The Belkin WeMo Home Automation firmware before 3949 has a hardcoded GPG key, which makes it easier for remote attackers to spoof firmware updates and execute arbitrary code via crafted signed data.
|
CWE-310
Cryptographic Issues
|
CVE-2013-6952
|
2014-03-6 13:49 |
2014-02-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259007
|
- |
|
apple
|
iphone_os
|
The IOSerialFamily driver in Apple iOS before 7 allows attackers to execute arbitrary code or cause a denial of service (out-of-bounds array access) via a crafted application.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-5139
|
2014-03-6 13:48 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259008
|
- |
|
apple
|
iphone_os
|
Per: http://lists.apple.com/archives/security-announce/2013/Sep/msg00006.html
"Executing a malicious application may result in arbitrary
code execution within the kernel"
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-5139
|
2014-03-6 13:48 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259009
|
- |
|
apple
|
mac_os_x
|
LaunchServices in Apple Mac OS X before 10.9 does not properly restrict Unicode characters in filenames, which allows context-dependent attackers to spoof file extensions via a crafted character sequ…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5178
|
2014-03-6 13:48 |
2013-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259010
|
- |
|
apple
|
mac_os_x
|
App Sandbox in Apple Mac OS X before 10.9 allows attackers to bypass intended sandbox restrictions via a crafted app that uses the LaunchServices interface to specify process arguments.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5179
|
2014-03-6 13:48 |
2013-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|