|
259291
|
- |
|
larry_wall
|
perl
|
Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build dir…
|
NVD-CWE-Other
|
CVE-2005-4278
|
2013-10-24 10:56 |
2005-12-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259292
|
- |
|
draytek
|
vigor_2700_router_firmware
vigor_2700_router
|
The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during in…
|
CWE-78
OS Command
|
CVE-2013-5703
|
2013-10-23 12:22 |
2013-10-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259293
|
- |
|
apple
|
iphone_os
|
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5137
|
2013-10-23 05:04 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259294
|
- |
|
apple
|
iphone_os
|
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
|
CWE-20
Improper Input Validation
|
CVE-2013-5140
|
2013-10-23 04:59 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259295
|
- |
|
apple
|
iphone_os
|
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attac…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5151
|
2013-10-23 04:53 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259296
|
- |
|
apple
|
iphone_os
|
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
|
CWE-20
Improper Input Validation
|
CVE-2013-5155
|
2013-10-23 04:52 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259297
|
- |
|
apple
|
iphone_os
|
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a cr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5156
|
2013-10-23 04:52 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259298
|
- |
|
apple
|
iphone_os
|
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5157
|
2013-10-23 04:26 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259299
|
- |
|
apple
|
iphone_os
|
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Tw…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5158
|
2013-10-23 04:22 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259300
|
- |
|
apple
|
iphone_os
|
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAM…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5159
|
2013-10-23 04:20 |
2013-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
