260991
|
- |
|
display_suite_project
|
ds
|
Cross-site scripting (XSS) vulnerability in the Display Suite module 7.x-1.x before 7.x-1.7 and 7.x-2.x before 7.x-2.1 for Drupal allows remote attackers to inject arbitrary web script or HTML via th…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0323
|
2013-04-4 13:00 |
2013-03-28 |
|
|
260992
|
- |
|
tomasbarej
|
menu_reference
|
Cross-site scripting (XSS) vulnerability in the Rendered links formatter in the Menu Reference module 7.x-1.x before 7.x-1.0 for Drupal allows remote authenticated users with the "Administer menus an…
|
CWE-79
Cross-site Scripting
|
CVE-2013-0324
|
2013-04-4 13:00 |
2013-03-28 |
|
|
260993
|
- |
|
katello
|
katello katello-configure
|
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6116
|
2013-04-4 12:21 |
2013-03-1 |
|
|
260994
|
- |
|
emc
|
smarts_network_configuration_manager
|
EMC Smarts Network Configuration Manager (NCM) before 9.2 does not require authentication for all Java RMI method calls, which allows remote attackers to execute arbitrary code via unspecified vector…
|
CWE-287
Improper Authentication
|
CVE-2013-0935
|
2013-04-3 13:00 |
2013-03-29 |
|
|
260995
|
- |
|
candlepinproject redhat
|
candlepin subscription_asset_manager
|
Candlepin before 0.7.24, as used in Red Hat Subscription Asset Manager before 1.2.1, does not properly check manifest signatures, which allows local users to modify manifests.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6119
|
2013-04-3 13:00 |
2013-04-3 |
|
|
260996
|
- |
|
transmissionbt canonical fedoraproject
|
transmission ubuntu_linux fedora
|
Stack-based buffer overflow in utp.cpp in libutp, as used in Transmission before 2.74 and possibly other products, allows remote attackers to cause a denial of service (crash) and possibly execute ar…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-6129
|
2013-04-3 13:00 |
2013-04-3 |
|
|
260997
|
- |
|
transmissionbt canonical fedoraproject
|
transmission ubuntu_linux fedora
|
Per http://www.ubuntu.com/usn/USN-1747-1/ "A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.10
Ubuntu 12.04 LTS
Ubuntu 11.10"
Per https://bugzilla.re…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-6129
|
2013-04-3 13:00 |
2013-04-3 |
|
|
260998
|
- |
|
ithemes
|
backupbuddy
|
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not require that authentication be enabled, which allows remote attackers to obtain sensitive info…
|
CWE-287
Improper Authentication
|
CVE-2013-2741
|
2013-04-2 21:09 |
2013-04-2 |
|
|
260999
|
- |
|
ithemes
|
backupbuddy
|
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress does not reliably delete itself after completing a restore operation, which makes it easier for remote …
|
NVD-CWE-Other
|
CVE-2013-2742
|
2013-04-2 21:09 |
2013-04-2 |
|
|
261000
|
- |
|
ithemes
|
backupbuddy
|
importbuddy.php in the BackupBuddy plugin 1.3.4, 2.1.4, 2.2.25, 2.2.28, and 2.2.4 for WordPress allows remote attackers to bypass authentication via a crafted integer in the step parameter.
|
CWE-287
Improper Authentication
|
CVE-2013-2743
|
2013-04-2 21:09 |
2013-04-2 |
|
|