|
258971
|
- |
|
debian
|
adequate
|
Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-6409
|
2013-12-10 05:52 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258972
|
- |
|
twibright
|
links
|
Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables.
|
CWE-189
Numeric Errors
|
CVE-2013-6050
|
2013-12-10 05:02 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258973
|
- |
|
supmua
|
sup
|
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
|
CWE-94
Code Injection
|
CVE-2013-4478
|
2013-12-10 02:54 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258974
|
- |
|
steven_jones
|
context
|
The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support t…
|
CWE-94
Code Injection
|
CVE-2013-4446
|
2013-12-10 02:38 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258975
|
- |
|
steven_jones
|
context
|
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4445
|
2013-12-10 02:36 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258976
|
- |
|
apache
|
roller
|
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RS…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4171
|
2013-12-10 02:09 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258977
|
- |
|
jean-paul_calderone
canonical
|
pyopenssl
ubuntu_linux
|
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle a…
|
CWE-20
Improper Input Validation
|
CVE-2013-4314
|
2013-12-8 15:00 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258978
|
- |
|
jamroom
|
search_module
|
Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6804
|
2013-12-7 03:33 |
2013-12-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258979
|
- |
|
boost
|
boost
|
boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input vali…
|
CWE-20
Improper Input Validation
|
CVE-2013-0252
|
2013-12-5 14:22 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
258980
|
- |
|
fail2ban
|
fail2ban
|
server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecifie…
|
NVD-CWE-noinfo
|
CVE-2012-5642
|
2013-12-5 14:20 |
2012-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
