|
258891
|
- |
|
gnupg
|
gnupg
|
GnuPG 1.4.x, 2.0.x, and 2.1.x treats a key flags subpacket with all bits cleared (no usage permitted) as if it has all bits set (all usage permitted), which might allow remote attackers to bypass int…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4351
|
2014-01-4 13:48 |
2013-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258892
|
- |
|
gnupg
canonical
|
gnupg
ubuntu_linux
|
The compressed packet parser in GnuPG 1.4.x before 1.4.15 and 2.0.x before 2.0.22 allows remote attackers to cause a denial of service (infinite recursion) via a crafted OpenPGP message.
|
CWE-20
Improper Input Validation
|
CVE-2013-4402
|
2014-01-4 13:48 |
2013-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258893
|
- |
|
fedoraproject
duckcorp
|
fedora
bip
|
Bip before 0.8.9, when running as a daemon, writes SSL handshake errors to an unexpected file descriptor that was previously associated with stderr before stderr has been closed, which allows remote …
|
CWE-310
Cryptographic Issues
|
CVE-2013-4550
|
2014-01-4 13:48 |
2013-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258894
|
- |
|
duckcorp
fedoraproject
|
bip
fedora
|
connection.c in Bip before 0.8.9 does not properly close sockets, which allows remote attackers to cause a denial of service (file descriptor consumption and crash) via multiple failed SSL handshakes…
|
CWE-310
Cryptographic Issues
|
CVE-2011-5268
|
2014-01-4 13:35 |
2013-12-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258895
|
- |
|
fatfreecrm
|
fat_free_crm
|
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by …
|
CWE-310
Cryptographic Issues
|
CVE-2013-7222
|
2014-01-4 02:12 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258896
|
- |
|
fatfreecrm
|
fat_free_crm
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the…
|
CWE-352
Origin Validation Error
|
CVE-2013-7223
|
2014-01-4 02:11 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258897
|
- |
|
fatfreecrm
|
fat_free_crm
|
Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage time…
|
CWE-89
SQL Injection
|
CVE-2013-7225
|
2014-01-4 02:04 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258898
|
- |
|
fatfreecrm
|
fat_free_crm
|
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
|
CWE-200
Information Exposure
|
CVE-2013-7224
|
2014-01-4 01:58 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258899
|
- |
|
fatfreecrm
|
fat_free_crm
|
Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a dif…
|
CWE-200
Information Exposure
|
CVE-2013-7249
|
2014-01-4 01:57 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258900
|
- |
|
cybozu
|
garoon
|
The server in Cybozu Garoon before 3.7 SP1 allows remote attackers to cause a denial of service (CPU consumption) via unspecified vectors.
|
CWE-399
Resource Management Errors
|
CVE-2013-6002
|
2014-01-4 00:31 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
