|
261701
|
- |
|
openstack
|
essex
folsom
|
manifests/base.pp in the puppetlabs-cinder module, as used in PackStack, uses world-readable permissions for the (1) cinder.conf and (2) api-paste.ini configuration files, which allows local users to…
|
CWE-362
Race Condition
|
CVE-2013-0266
|
2013-03-18 13:00 |
2013-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261702
|
- |
|
apple
|
safari
|
WebKit in Apple Safari before 6.0.3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, a different vulnerability than CVE-2013-…
|
NVD-CWE-noinfo
|
CVE-2013-0961
|
2013-03-18 13:00 |
2013-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261703
|
- |
|
apple
|
mac_os_x
mac_os_x_server
|
Software Update in Apple Mac OS X through 10.7.5 does not prevent plugin loading within the marketing-text WebView, which allows man-in-the-middle attackers to execute plugin code by modifying the cl…
|
NVD-CWE-noinfo
|
CVE-2013-0973
|
2013-03-18 13:00 |
2013-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261704
|
- |
|
gnome
|
gnome_screensaver
|
The default configuration in gnome-screensaver 3.5.4 through 3.6.0 sets the AutostartCondition line to fallback mode in the .desktop file, which prevents the program from starting automatically after…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1050
|
2013-03-18 13:00 |
2013-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261705
|
- |
|
novell
|
zenworks_mobile_management
|
Directory traversal vulnerability in MDM.php in Novell ZENworks Mobile Management (ZMM) 2.6.1 and 2.7.0 allows remote attackers to include and execute arbitrary local files via the language parameter.
|
CWE-22
Path Traversal
|
CVE-2013-1081
|
2013-03-18 13:00 |
2013-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261706
|
- |
|
advantech
indusoft
|
advantech_studio
web_studio
|
Absolute path traversal vulnerability in NTWebServer.exe in Indusoft Studio 7.0 and earlier and Advantech Studio 7.0 and earlier allows remote attackers to read arbitrary files via a full pathname in…
|
CWE-22
Path Traversal
|
CVE-2013-1627
|
2013-03-18 13:00 |
2013-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261707
|
- |
|
tibco
|
spotfire_statistics_services
|
The Web API in the Statistics Server in TIBCO Spotfire Statistics Services 3.3.x before 3.3.1, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 allows remote attackers to obtain sensitive information via a…
|
CWE-200
Information Exposure
|
CVE-2013-2371
|
2013-03-18 13:00 |
2013-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261708
|
- |
|
tibco
|
spotfire_web_player
|
The Engine in TIBCO Spotfire Web Player 3.3.x before 3.3.3, 4.0.x before 4.0.3, 4.5.x before 4.5.1, and 5.0.x before 5.0.1 does not properly implement access control, which allows remote attackers to…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2373
|
2013-03-18 13:00 |
2013-03-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261709
|
- |
|
spreecommerce
|
spree
|
app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to as…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2506
|
2013-03-18 13:00 |
2013-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
261710
|
- |
|
eucalyptus
|
eucalyptus
|
The internal message protocol for Walrus in Eucalyptus 3.2.0 and earlier does not require signatures for unspecified request headers, which allows attackers to (1) delete or (2) upload snapshots.
|
CWE-287
Improper Authentication
|
CVE-2012-4066
|
2013-03-18 13:00 |
2013-03-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
