|
259701
|
- |
|
redhat
|
enterprise_mrg
|
SQL injection vulnerability in the web interface for cumin in Red Hat Enterprise MRG Grid 2.4 allows remote attackers to execute arbitrary SQL commands via vectors related to the "filtering table ope…
|
CWE-89
SQL Injection
|
CVE-2013-4461
|
2014-01-14 13:27 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259702
|
- |
|
novell
suse
|
suse_lifecycle_management_server
studio_onsite
webyast
|
WebYaST 1.3 uses weak permissions for config/initializers/secret_token.rb, which allows local users to gain privileges by reading the Rails secret token from this file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3709
|
2014-01-14 13:26 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259703
|
- |
|
idleman
|
leed
|
Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite action…
|
CWE-20
Improper Input Validation
|
CVE-2013-2629
|
2014-01-14 13:25 |
2013-12-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259704
|
- |
|
redhat
|
cloudforms_management_engine
|
Multiple directory traversal vulnerabilities in the AgentController in Red Hat CloudForms Management Engine 2.0 allow remote attackers to create and overwrite arbitrary files via a .. (dot dot) in th…
|
CWE-22
Path Traversal
|
CVE-2013-2068
|
2014-01-14 13:24 |
2013-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259705
|
- |
|
canonical
|
ubuntu_linux
|
Race condition in the post-installation script (mysql-server-5.5.postinst) for MySQL Server 5.5 for Debian GNU/Linux and Ubuntu Linux creates a configuration file with world-readable permissions befo…
|
CWE-362
Race Condition
|
CVE-2013-2162
|
2014-01-14 13:24 |
2013-08-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259706
|
- |
|
rubygems
|
rubygems
|
RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack.
|
NVD-CWE-Other
|
CVE-2012-2125
|
2014-01-14 13:17 |
2013-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259707
|
- |
|
rubygems
|
rubygems
|
RubyGems before 1.8.23 does not verify an SSL certificate, which allows remote attackers to modify a gem during installation via a man-in-the-middle attack.
|
CWE-310
Cryptographic Issues
|
CVE-2012-2126
|
2014-01-14 13:17 |
2013-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259708
|
- |
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.5 and 8.3.7 allows context-dependent attackers to affect confidentiality, integrity, and availa…
|
NVD-CWE-noinfo
|
CVE-2012-0110
|
2014-01-14 13:14 |
2012-01-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259709
|
- |
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attackers to affect confidentiality, integrity, and av…
|
NVD-CWE-noinfo
|
CVE-2011-2264
|
2014-01-14 13:09 |
2011-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259710
|
- |
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Outside In Technology component in Oracle Fusion Middleware 8.3.2.0 and 8.3.5.0 allows context-dependent attackers to affect availability via unknown vectors r…
|
NVD-CWE-noinfo
|
CVE-2011-2267
|
2014-01-14 13:09 |
2011-07-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
