|
259481
|
- |
|
smackcoders
|
wp_ultimate_email_marketer_plugin
|
The WP Ultimate Email Marketer plugin 1.1.0 and possibly earlier for Wordpress does not properly restrict access to (1) list/edit.php and (2) campaign/editCampaign.php, which allows remote attackers …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3264
|
2013-11-6 23:55 |
2013-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259482
|
- |
|
saltstack
|
salt
|
The salt master in Salt (aka SaltStack) 0.11.0 through 0.17.0 does not properly drop group privileges, which makes it easier for remote attackers to gain privileges.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6617
|
2013-11-6 23:36 |
2013-11-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259483
|
- |
|
cisco
|
prime_central_for_hosted_collaboration_solution
|
The Java process in the Impact server in Cisco Prime Central for Hosted Collaboration Solution (HCS) allows remote attackers to cause a denial of service (process crash) via a flood of TCP packets, a…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-5564
|
2013-11-6 23:04 |
2013-11-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259484
|
- |
|
thoughtbot
|
cocaine
|
The Cocaine gem 0.4.0 through 0.5.2 for Ruby allows context-dependent attackers to execute arbitrary commands via a crafted has object, related to recursive variable interpolation.
|
CWE-78
OS Command
|
CVE-2013-4457
|
2013-11-6 00:21 |
2013-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259485
|
- |
|
nas4free
|
nas4free
|
NAS4Free 9.1.0.1.804 and earlier allows remote authenticated users to execute arbitrary PHP code via a request to exec.php, aka the "Advanced | Execute Command" feature. NOTE: this issue might not b…
|
CWE-94
Code Injection
|
CVE-2013-3631
|
2013-11-5 23:56 |
2013-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259486
|
- |
|
novell
|
zenworks_configuration_management
|
The ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows attackers to conduct cross-frame scripting attacks via unknown vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6344
|
2013-11-5 09:04 |
2013-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259487
|
- |
|
novell
|
zenworks_configuration_management
|
Unspecified vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 has unknown impact and attack vectors related to an "Application Exception."
|
NVD-CWE-noinfo
|
CVE-2013-6345
|
2013-11-5 09:03 |
2013-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259488
|
- |
|
novell
|
zenworks_configuration_management
|
Cross-site request forgery (CSRF) vulnerability in the ZCC page in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack the authentication of unspecified vic…
|
CWE-352
Origin Validation Error
|
CVE-2013-6346
|
2013-11-5 08:59 |
2013-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259489
|
- |
|
novell
|
zenworks_configuration_management
|
Session fixation vulnerability in Novell ZENworks Configuration Management (ZCM) before 11.2.4 allows remote attackers to hijack web sessions via unspecified vectors.
|
CWE-287
Improper Authentication
|
CVE-2013-6347
|
2013-11-5 08:58 |
2013-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259490
|
- |
|
mcafee
|
email_gateway
|
McAfee Email Gateway (MEG) 7.0 before 7.0.4 and 7.5 before 7.5.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors.
|
CWE-94
Code Injection
|
CVE-2013-6349
|
2013-11-5 08:53 |
2013-11-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
