|
259541
|
- |
|
canonical
|
ubuntu_linux
|
Apport 2.12.5 and earlier uses weak permissions for core dump files created by setuid binaries, which allows local users to obtain sensitive information by reading the file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1067
|
2013-10-28 22:49 |
2013-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259542
|
- |
|
wellintech
|
kingview
|
The KCHARTXYLib.KChartXY ActiveX control in KChartXY.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict SaveToFile method calls, which allows remote attackers …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6128
|
2013-10-28 22:39 |
2013-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259543
|
- |
|
wellintech
|
kingview
|
The SUPERGRIDLib.SuperGrid ActiveX control in SuperGrid.ocx before 65.30.30000.10002 in WellinTech KingView before 6.53 does not properly restrict ReplaceDBFile method calls, which allows remote atta…
|
CWE-22
Path Traversal
|
CVE-2013-6127
|
2013-10-28 22:32 |
2013-10-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259544
|
- |
|
emc
|
rsa_authentication_agent
|
EMC RSA Authentication Agent 7.1.x before 7.1.2 for Web for Internet Information Services has a fail-open design, which allows remote attackers to bypass intended access restrictions via vectors that…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3280
|
2013-10-26 04:00 |
2013-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259545
|
- |
|
cisco
|
identity_services_engine_software
|
Cisco Identity Services Engine does not properly restrict the creation of guest accounts, which allows remote attackers to cause a denial of service (exhaustion of the account supply) via a series of…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5521
|
2013-10-26 04:00 |
2013-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259546
|
- |
|
cisco
|
ios
catalyst_3750-x
|
Cisco IOS on Catalyst 3750X switches has default Service Module credentials, which makes it easier for local users to gain privileges via a Service Module login, aka Bug ID CSCue92286.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5522
|
2013-10-26 03:59 |
2013-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259547
|
- |
|
cisco
|
identity_services_engine_software
|
Cisco Identity Services Engine (ISE) 1.x before 1.1.1 allows remote attackers to bypass authentication, and read support-bundle configuration and credentials data, via a crafted session on TCP port 4…
|
CWE-287
Improper Authentication
|
CVE-2013-5531
|
2013-10-26 03:57 |
2013-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259548
|
- |
|
cisco
|
ios_xr
|
Cisco IOS XR 3.8.1 through 4.2.0 does not properly process fragmented packets within the RP-A, RP-B, PRP, and DRP-B route-processor components, which allows remote attackers to cause a denial of serv…
|
NVD-CWE-noinfo
|
CVE-2013-5549
|
2013-10-26 03:57 |
2013-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259549
|
- |
|
dhtmlx
|
dhtmlxspreadsheet
|
Cross-site scripting (XSS) vulnerability in codebase/spreadsheet.php in the Spreadsheet (dhtmlxSpreadsheet) plugin 2.0 for WordPress allows remote attackers to inject arbitrary web script or HTML via…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6281
|
2013-10-26 03:17 |
2013-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259550
|
- |
|
linksalpha
|
social_sharing_toolkit_plugin
|
Cross-site scripting (XSS) vulnerability in Social Sharing Toolkit plugin before 2.1.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-6280
|
2013-10-26 03:06 |
2013-10-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
