|
260241
|
- |
|
bestpractical
|
rt
|
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an att…
|
CWE-79
Cross-site Scripting
|
CVE-2013-3371
|
2013-08-26 23:33 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260242
|
- |
|
bestpractical
|
rt
|
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a di…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3370
|
2013-08-26 23:31 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260243
|
- |
|
bestpractical
|
rt
|
bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.
|
CWE-59
Link Following
|
CVE-2013-3368
|
2013-08-26 23:25 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260244
|
- |
|
redhat
apache
|
enterprise_mrg
qpid
|
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which al…
|
CWE-20
Improper Input Validation
|
CVE-2013-1909
|
2013-08-26 23:01 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260245
|
- |
|
sixnet
|
udr
rtu_firmware
|
The universal protocol implementation in Sixnet UDR before 2.0 and RTU firmware before 4.8 allows remote attackers to execute arbitrary code; read, modify, or create files; or obtain file metadata vi…
|
CWE-94
Code Injection
|
CVE-2013-2802
|
2013-08-24 05:28 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260246
|
- |
|
osisoft
|
pi_interface
|
The OSIsoft PI Interface for IEEE C37.118 before 1.0.6.158 allows remote attackers to cause a denial of service (instance shutdown and data-collection outage) via crafted C37.118 configuration packet…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-2801
|
2013-08-24 02:09 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260247
|
- |
|
advantech
|
advantech_webaccess
|
Cross-site scripting (XSS) vulnerability in Advantech WebAccess (formerly BroadWin WebAccess) before 7.1 2013.05.30 allows remote authenticated users to inject arbitrary web script or HTML via unspec…
|
CWE-79
Cross-site Scripting
|
CVE-2013-2299
|
2013-08-23 22:37 |
2013-08-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260248
|
- |
|
sane
|
sane
sane-backend
|
saned in sane-backends 1.0.7 and earlier does not check the IP address of the connecting host during the SANE_NET_INIT RPC call, which allows remote attackers to use that call even if they are restri…
|
NVD-CWE-Other
|
CVE-2003-0773
|
2013-08-23 13:29 |
2003-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260249
|
- |
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Endeca Server component in Oracle Fusion Middleware 7.4.0 and 7.5.1.1 allows remote authenticated users to affect confidentiality and integrity via unknown vec…
|
NVD-CWE-noinfo
|
CVE-2013-3764
|
2013-08-22 15:54 |
2013-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260250
|
- |
|
oracle
|
virtualization
vm_virtualbox
|
Unspecified vulnerability in the Secure Global Desktop component in Oracle Virtualization All 4.6 releases including 4.63 and 4.7 prior to 4.71 allows remote attackers to affect confidentiality, inte…
|
NVD-CWE-noinfo
|
CVE-2013-3779
|
2013-08-22 15:54 |
2013-07-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
