|
260201
|
- |
|
cisco
|
global_site_selector
|
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Global Site Selector (GSS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh42164.
|
CWE-352
Origin Validation Error
|
CVE-2013-5471
|
2013-09-12 12:37 |
2013-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260202
|
- |
|
digium
|
asterisk
certified_asterisk
|
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-5641
|
2013-09-12 12:37 |
2013-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260203
|
- |
|
digium
|
asterisk
asterisk_digiumphones
certified_asterisk
|
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before …
|
CWE-20
Improper Input Validation
|
CVE-2013-5642
|
2013-09-12 12:37 |
2013-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260204
|
- |
|
roundcube
|
webmail
|
Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in …
|
CWE-79
Cross-site Scripting
|
CVE-2013-5645
|
2013-09-12 12:37 |
2013-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260205
|
- |
|
advanceprotech
|
advanceware
|
AdvancePro Advanceware allows remote authenticated users to obtain sensitive information about arbitrary customers' orders via a modified id parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3596
|
2013-09-12 12:36 |
2013-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260206
|
- |
|
php
|
php
|
Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (applic…
|
CWE-189
Numeric Errors
|
CVE-2013-4635
|
2013-09-12 12:36 |
2013-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260207
|
- |
|
lockon
|
ec-cube
|
Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbit…
|
CWE-22
Path Traversal
|
CVE-2013-4702
|
2013-09-12 12:36 |
2013-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260208
|
- |
|
x
|
libxp
|
Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGe…
|
CWE-189
Numeric Errors
|
CVE-2013-2062
|
2013-09-12 12:34 |
2013-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260209
|
- |
|
gnome
|
gnome_display_manager
|
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
|
CWE-59
Link Following
|
CVE-2013-4169
|
2013-09-12 10:06 |
2013-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260210
|
- |
|
fedoraproject
|
389_directory_server
|
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
|
CWE-20
Improper Input Validation
|
CVE-2013-4283
|
2013-09-11 23:13 |
2013-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
