|
257661
|
- |
|
cru-inc
|
ditto_forensic_fieldstation_firmware
ditto_forensic_fieldstation
|
Cross-site request forgery (CSRF) vulnerability in CRU Ditto Forensic FieldStation with firmware before 2013Oct15a allows remote attackers to hijack the authentication of administrators for requests …
|
CWE-352
Origin Validation Error
|
CVE-2013-6883
|
2014-01-14 13:29 |
2013-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257662
|
- |
|
typo3
|
typo3
|
The Content Editing Wizards component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated backend users to unserialize arbit…
|
CWE-310
Cryptographic Issues
|
CVE-2013-7075
|
2014-01-14 13:29 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257663
|
- |
|
typo3
|
typo3
|
The creating record functionality in Extension table administration library (feuser_adminLib.inc) in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, and 6.0.0 through 6.0.11 allows remote attackers…
|
NVD-CWE-noinfo
|
CVE-2013-7080
|
2014-01-14 13:29 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257664
|
- |
|
typo3
|
typo3
|
The (old) Form Content Element component in TYPO3 4.5.0 through 4.5.31, 4.7.0 through 4.7.16, 6.0.0 through 6.0.11, and 6.1.0 through 6.1.6 allows remote authenticated editors to generate arbitrary H…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7081
|
2014-01-14 13:29 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257665
|
- |
|
drupal
|
drupal
|
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote att…
|
CWE-94
Code Injection
|
CVE-2013-6385
|
2014-01-14 13:28 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257666
|
- |
|
drupal
|
drupal
|
Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass in…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6386
|
2014-01-14 13:28 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257667
|
- |
|
hp
|
linux_imaging_and_printing_project
|
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local user…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4325
|
2014-01-14 13:27 |
2013-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257668
|
- |
|
redhat
|
enterprise_mrg
|
cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4404
|
2014-01-14 13:27 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257669
|
- |
|
redhat
|
enterprise_mrg
|
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table ope…
|
CWE-89
SQL Injection
|
CVE-2013-4461
|
2014-01-14 13:27 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257670
|
- |
|
novell
suse
|
suse_lifecycle_management_server
studio_onsite
webyast
|
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3709
|
2014-01-14 13:26 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
