|
260871
|
- |
|
myrephp
|
myre_realty_manager
|
Cross-site scripting (XSS) vulnerability in search.php in MYRE Realty Manager allows remote attackers to inject arbitrary web script or HTML via the cat_id1 parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-6585
|
2013-08-27 00:20 |
2013-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260872
|
- |
|
vmware
|
workstation
player
|
vmware-mount in VMware Workstation 8.x and 9.x and VMware Player 4.x and 5.x, on systems based on Debian GNU/Linux, allows host OS users to gain host OS privileges via a crafted lsb_release binary in…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1662
|
2013-08-27 00:14 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260873
|
- |
|
vmware
|
workstation
player
|
Per: http://www.vmware.com/security/advisories/VMSA-2013-0010.html
"The issue is present when Workstation or Player are installed on a Debian-based version of Linux."
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1662
|
2013-08-27 00:14 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260874
|
- |
|
bestpractical
|
rt
|
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 4.x before 4.0.13, when MakeClicky is configured, allows remote attackers to inject arbitrary web script or HTML via a URL in a ticket…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5587
|
2013-08-26 23:58 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260875
|
- |
|
bestpractical
|
rt
|
Unspecified vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13, when using the Apache::Session::File session store, allows remote attackers to obtain sensitive informat…
|
NVD-CWE-noinfo
|
CVE-2013-3374
|
2013-08-26 23:42 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260876
|
- |
|
bestpractical
|
rt
|
CRLF injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks v…
|
CWE-94
Code Injection
|
CVE-2013-3373
|
2013-08-26 23:38 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260877
|
- |
|
bestpractical
|
rt
|
Cross-site scripting (XSS) vulnerability in Request Tracker (RT) 3.8.3 through 3.8.16 and 4.0.x before 4.0.13 allows remote attackers to inject arbitrary web script or HTML via the filename of an att…
|
CWE-79
Cross-site Scripting
|
CVE-2013-3371
|
2013-08-26 23:33 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260878
|
- |
|
bestpractical
|
rt
|
Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 does not properly restrict access to private callback components, which allows remote attackers to have an unspecified impact via a di…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-3370
|
2013-08-26 23:31 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260879
|
- |
|
bestpractical
|
rt
|
bin/rt in Request Tracker (RT) 3.8.x before 3.8.17 and 4.0.x before 4.0.13 allows local users to overwrite arbitrary files via a symlink attack on a temporary file with predictable name.
|
CWE-59
Link Following
|
CVE-2013-3368
|
2013-08-26 23:25 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
260880
|
- |
|
redhat
apache
|
enterprise_mrg
qpid
|
The Python client in Apache Qpid before 2.2 does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which al…
|
CWE-20
Improper Input Validation
|
CVE-2013-1909
|
2013-08-26 23:01 |
2013-08-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
