|
260151
|
- |
|
juniper
|
junos_space
junos_space_virtual_appliance
junos_space_ja1500_appliance
|
Juniper Junos Space before 13.1R1.6, as used on the JA1500 appliance and in other contexts, does not properly restrict access to the list of user accounts and their MD5 password hashes, which makes i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5097
|
2013-09-12 12:37 |
2013-08-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260152
|
- |
|
cisco
|
global_site_selector
|
Cross-site request forgery (CSRF) vulnerability in the web framework in Cisco Global Site Selector (GSS) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuh42164.
|
CWE-352
Origin Validation Error
|
CVE-2013-5471
|
2013-09-12 12:37 |
2013-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260153
|
- |
|
digium
|
asterisk
certified_asterisk
|
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.17.x through 1.8.22.x, 1.8.23.x before 1.8.23.1, and 11.x before 11.5.1 and Certified Asterisk 1.8.15 before 1.8.15-cert3 and …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-5641
|
2013-09-12 12:37 |
2013-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260154
|
- |
|
digium
|
asterisk
asterisk_digiumphones
certified_asterisk
|
The SIP channel driver (channels/chan_sip.c) in Asterisk Open Source 1.8.x before 1.8.23.1, 10.x before 10.12.3, and 11.x before 11.5.1; Certified Asterisk 1.8.15 before 1.8.15-cert3 and 11.2 before …
|
CWE-20
Improper Input Validation
|
CVE-2013-5642
|
2013-09-12 12:37 |
2013-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260155
|
- |
|
roundcube
|
webmail
|
Multiple cross-site scripting (XSS) vulnerabilities in Roundcube webmail before 0.9.3 allow user-assisted remote attackers to inject arbitrary web script or HTML via the body of a message visited in …
|
CWE-79
Cross-site Scripting
|
CVE-2013-5645
|
2013-09-12 12:37 |
2013-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260156
|
- |
|
advanceprotech
|
advanceware
|
AdvancePro Advanceware allows remote authenticated users to obtain sensitive information about arbitrary customers' orders via a modified id parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3596
|
2013-09-12 12:36 |
2013-09-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260157
|
- |
|
php
|
php
|
Integer overflow in the SdnToJewish function in jewish.c in the Calendar component in PHP before 5.3.26 and 5.4.x before 5.4.16 allows context-dependent attackers to cause a denial of service (applic…
|
CWE-189
Numeric Errors
|
CVE-2013-4635
|
2013-09-12 12:36 |
2013-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260158
|
- |
|
lockon
|
ec-cube
|
Multiple directory traversal vulnerabilities in the doApiAction function in data/class/api/SC_Api_Operation.php in LOCKON EC-CUBE 2.12.0 through 2.12.5 on Windows allow remote attackers to read arbit…
|
CWE-22
Path Traversal
|
CVE-2013-4702
|
2013-09-12 12:36 |
2013-08-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260159
|
- |
|
x
|
libxp
|
Multiple integer overflows in X.org libXp 1.0.1 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XpGetAttributes, (2) XpGe…
|
CWE-189
Numeric Errors
|
CVE-2013-2062
|
2013-09-12 12:34 |
2013-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260160
|
- |
|
gnome
|
gnome_display_manager
|
GNOME Display Manager (gdm) before 2.21.1 allows local users to change permissions of arbitrary directories via a symlink attack on /tmp/.X11-unix/.
|
CWE-59
Link Following
|
CVE-2013-4169
|
2013-09-12 10:06 |
2013-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
