260521
|
- |
|
symantec
|
messaging_gateway
|
Symantec Messaging Gateway (SMG) before 10.0 allows remote attackers to obtain potentially sensitive information about component versions via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2012-3581
|
2013-10-11 05:48 |
2012-08-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260522
|
- |
|
sebastien_corbin
|
make_meeting_scheduler_module
|
The Make Meeting Scheduler module 6.x-1.x before 6.x-1.3 for Drupal allows remote attackers to bypass intended access restrictions for a poll via a direct request to the node's URL instead of the has…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4379
|
2013-10-11 05:41 |
2013-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260523
|
- |
|
alienvault
|
open_source_security_information_management
|
Multiple SQL injection vulnerabilities in AlienVault Open Source Security Information Management (OSSIM) 4.3 and earlier allow remote attackers to execute arbitrary SQL commands via the date_from par…
|
CWE-89
SQL Injection
|
CVE-2013-5967
|
2013-10-11 05:38 |
2013-10-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260524
|
- |
|
menalto
|
gallery
|
The (1) uploadify and (2) flowplayer SWF files in Gallery 3 before 3.0.8 do not properly remove query parameters and fragments, which allows remote attackers to have an unspecified impact via a repla…
|
CWE-20
Improper Input Validation
|
CVE-2013-2138
|
2013-10-11 05:28 |
2013-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260525
|
- |
|
menalto
|
gallery
|
lib/flowplayer.swf.php in Gallery 3 before 3.0.9 does not properly remove query fragments, which allows remote attackers to have an unspecified impact via a replay attack, a different vulnerability t…
|
NVD-CWE-noinfo
|
CVE-2013-2240
|
2013-10-11 05:27 |
2013-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260526
|
- |
|
menalto
|
gallery
|
modules/gallery/helpers/data_rest.php in Gallery 3 before 3.0.9 allows remote attackers to bypass intended access restrictions and obtain sensitive information (image files) via the "full" string in …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2241
|
2013-10-11 05:26 |
2013-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260527
|
- |
|
cartpauj
|
mingle-forum
|
Multiple cross-site request forgery (CSRF) vulnerabilities in the Mingle Forum plugin 1.0.34 and possibly earlier for WordPress allow remote attackers to hijack the authentication of administrators f…
|
CWE-352
Origin Validation Error
|
CVE-2013-0736
|
2013-10-11 05:23 |
2013-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260528
|
- |
|
eucalyptus
|
eucalyptus
|
Unspecified vulnerability in Eucalyptus before 3.3.2 has unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2013-4767
|
2013-10-11 05:12 |
2013-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260529
|
- |
|
symantec
|
management_platform
|
The agent and task-agent components in Symantec Management Platform 7.0 and 7.1 before 7.1 SP2 Mp1.1v7 rollup, as used in certain Altiris products, use the same registry-entry encryption key across d…
|
CWE-200
Information Exposure
|
CVE-2013-5008
|
2013-10-11 05:10 |
2013-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
260530
|
- |
|
phusion
|
passenger
|
ext/common/ServerInstanceDir.h in Phusion Passenger gem before 4.0.6 for Ruby allows local users to gain privileges or possibly change the ownership of arbitrary directories via a symlink attack on a…
|
CWE-59
Link Following
|
CVE-2013-4136
|
2013-10-11 04:09 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|