260811
|
- |
|
mozilla
|
firefox
|
Mozilla Firefox before 16.0 on Android assigns chrome privileges to Reader Mode pages, which allows user-assisted remote attackers to bypass intended access restrictions via a crafted web site.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3987
|
2013-05-4 12:20 |
2012-10-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260812
|
- |
|
djangoproject
|
django
|
The django.http.HttpRequest.get_host function in Django 1.3.x before 1.3.4 and 1.4.x before 1.4.2 allows remote attackers to generate and display arbitrary URLs via crafted username and password Host…
|
CWE-20
Improper Input Validation
|
CVE-2012-4520
|
2013-05-4 12:20 |
2012-11-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260813
|
- |
|
ruby-lang
|
ruby
|
The rb_get_path_check function in file.c in Ruby 1.9.3 before patchlevel 286 and Ruby 2.0.0 before r37163 allows context-dependent attackers to create files in unexpected locations or with unexpected…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4522
|
2013-05-4 12:20 |
2012-11-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260814
|
- |
|
joomla
|
joomla\!
|
Cross-site scripting (XSS) vulnerability in the highlighter plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified…
|
CWE-79
Cross-site Scripting
|
CVE-2013-3267
|
2013-05-4 03:23 |
2013-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260815
|
- |
|
joomla
|
joomla\!
|
Cross-site scripting (XSS) vulnerability in the Voting plugin in Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vect…
|
CWE-79
Cross-site Scripting
|
CVE-2013-3059
|
2013-05-4 03:19 |
2013-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260816
|
- |
|
emc
|
avamar
|
EMC Avamar Client before 6.1.101-89 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man…
|
CWE-20
Improper Input Validation
|
CVE-2013-0945
|
2013-05-4 01:54 |
2013-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260817
|
- |
|
emc
|
networker
|
The nsrpush process in the client in EMC NetWorker before 7.6.5.3 and 8.x before 8.0.1.4 sets weak permissions for unspecified files, which allows local users to gain privileges via unknown vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0940
|
2013-05-3 20:57 |
2013-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260818
|
- |
|
emc
|
avamar
|
The web-based file-restore interface in EMC Avamar Server before 6.1.0 allows remote authenticated users to read arbitrary files via a crafted URL.
|
CWE-200
Information Exposure
|
CVE-2013-0944
|
2013-05-3 20:57 |
2013-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260819
|
- |
|
cisco
|
webex_meetings_server webex_node_for_mcs
|
The HTTP implementation in Cisco WebEx Node for MCS and WebEx Meetings Server allows remote attackers to read cache files via a crafted request, aka Bug IDs CSCue36664 and CSCue36629.
|
CWE-200 CWE-20
Information Exposure Improper Input Validation
|
CVE-2013-1231
|
2013-05-3 20:57 |
2013-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260820
|
- |
|
cisco
|
ios_xr
|
The SNMP module in Cisco IOS XR allows remote authenticated users to cause a denial of service (process restart) via crafted SNMP packets, aka Bug ID CSCue69472.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-1234
|
2013-05-3 20:57 |
2013-05-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|