259141
|
- |
|
drupal
|
drupal
|
The form API in Drupal 6.x before 6.29 and 7.x before 7.24, when used with unspecified third-party modules, performs form validation even when CSRF validation has failed, which might allow remote att…
|
CWE-94
Code Injection
|
CVE-2013-6385
|
2014-01-14 13:28 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259142
|
- |
|
drupal
|
drupal
|
Drupal 6.x before 6.29 and 7.x before 7.24 uses the PHP mt_rand function to generate random numbers, which uses predictable seeds and allows remote attackers to predict security strings and bypass in…
|
CWE-310
Cryptographic Issues
|
CVE-2013-6386
|
2014-01-14 13:28 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259143
|
- |
|
hp
|
linux_imaging_and_printing_project
|
The check_permission_v1 function in base/pkit.py in HP Linux Imaging and Printing (HPLIP) through 3.13.9 does not properly use D-Bus for communication with a polkit authority, which allows local user…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4325
|
2014-01-14 13:27 |
2013-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259144
|
- |
|
redhat
|
enterprise_mrg
|
cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4404
|
2014-01-14 13:27 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259145
|
- |
|
redhat
|
enterprise_mrg
|
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table ope…
|
CWE-89
SQL Injection
|
CVE-2013-4461
|
2014-01-14 13:27 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259146
|
- |
|
novell suse
|
suse_lifecycle_management_server studio_onsite webyast
|
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3709
|
2014-01-14 13:26 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259147
|
- |
|
idleman
|
leed
|
Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite action…
|
CWE-20
Improper Input Validation
|
CVE-2013-2629
|
2014-01-14 13:25 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259148
|
- |
|
redhat
|
cloudforms_management_engine
|
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in th…
|
CWE-22
Path Traversal
|
CVE-2013-2068
|
2014-01-14 13:24 |
2013-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259149
|
- |
|
canonical
|
ubuntu_linux
|
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions befo…
|
CWE-362
Race Condition
|
CVE-2013-2162
|
2014-01-14 13:24 |
2013-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
259150
|
- |
|
rubygems
|
rubygems
|
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
|
NVD-CWE-Other
|
CVE-2012-2125
|
2014-01-14 13:17 |
2013-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|