245151
|
5.0 |
MEDIUM
|
djangoproject
|
django
|
Directory traversal vulnerability in Django 1.4.x before 1.4.7, 1.5.x before 1.5.3, and 1.6.x before 1.6 beta 3 allows remote attackers to read arbitrary files via a file path in the ALLOWED_INCLUDE_…
|
CWE-22
Path Traversal
|
CVE-2013-4315
|
2013-12-10 15:05 |
2013-09-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245152
|
6.2 |
MEDIUM
|
debian
|
adequate
|
Debian adequate before 0.8.1, when run by root with the --user option, allows local users to hijack the tty and possibly gain privileges via the TIOCSTI ioctl.
|
CWE-264
Permissions, Privileges, and Access Control
|
CVE-2013-6409
|
2013-12-10 05:52 |
2013-12-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245153
|
4.3 |
MEDIUM
|
twibright
|
links
|
Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables.
|
CWE-189
Numeric Errors
|
CVE-2013-6050
|
2013-12-10 05:02 |
2013-12-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245154
|
6.8 |
MEDIUM
|
supmua
|
sup
|
Sup before 0.13.2.1 and 0.14.x before 0.14.1.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the filename of an email attachment.
|
CWE-94
Code Injection
|
CVE-2013-4478
|
2013-12-10 02:54 |
2013-12-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245155
|
6.8 |
MEDIUM
|
steven_jones
|
context
|
The _json_decode function in plugins/context_reaction_block.inc in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal, when using a version of PHP that does not support t…
|
CWE-94
Code Injection
|
CVE-2013-4446
|
2013-12-10 02:38 |
2013-12-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245156
|
4.9 |
MEDIUM
|
steven_jones
|
context
|
The json rendering functionality in the Context module 6.x-2.x before 6.x-3.2 and 7.x-3.x before 7.x-3.0 for Drupal uses Drupal's token scheme to restrict access to blocks, which makes it easier for …
|
CWE-264
Permissions, Privileges, and Access Control
|
CVE-2013-4445
|
2013-12-10 02:36 |
2013-12-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245157
|
4.3 |
MEDIUM
|
apache
|
roller
|
Multiple cross-site scripting (XSS) vulnerabilities in Apache Roller before 5.0.2 allow remote attackers to inject arbitrary web script or HTML via vectors related to the search results in the (1) RS…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-4171
|
2013-12-10 02:09 |
2013-12-8 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245158
|
4.3 |
MEDIUM
|
jean-paul_calderone canonical
|
pyopenssl ubuntu_linux
|
The X509Extension in pyOpenSSL before 0.13.1 does not properly handle a '\0' character in a domain name in the Subject Alternative Name field of an X.509 certificate, which allows man-in-the-middle a…
|
CWE-20
Improper Input Validation
|
CVE-2013-4314
|
2013-12-8 15:00 |
2013-10-1 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245159
|
4.3 |
MEDIUM
|
jamroom
|
search_module
|
Cross-site scripting (XSS) vulnerability in the Search module before 1.1.1 for Jamroom allows remote attackers to inject arbitrary web script or HTML via the search_string parameter to search/results…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-6804
|
2013-12-7 03:33 |
2013-12-6 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245160
|
5.0 |
MEDIUM
|
boost
|
boost
|
boost::locale::utf::utf_traits in the Boost.Locale library in Boost 1.48 through 1.52 does not properly detect certain invalid UTF-8 sequences, which might allow remote attackers to bypass input vali…
|
CWE-20
Improper Input Validation
|
CVE-2013-0252
|
2013-12-5 14:22 |
2013-03-13 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245161
|
7.5 |
HIGH
|
fail2ban
|
fail2ban
|
server/action.py in Fail2ban before 0.8.8 does not properly handle the content of the matches tag, which might allow remote attackers to trigger unsafe behavior in a custom action file via unspecifie…
|
NVD-CWE-noinfo
|
CVE-2012-5642
|
2013-12-5 14:20 |
2012-12-31 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245162
|
5.8 |
MEDIUM
|
cups-pk-helper_project
|
cups-pk-helper
|
cups-pk-helper before 0.2.3 does not properly wrap the (1) cupsGetFile and (2) cupsPutFile function calls, which allows user-assisted remote attackers to read or overwrite sensitive files using CUPS …
|
CWE-264
Permissions, Privileges, and Access Control
|
CVE-2012-4510
|
2013-12-5 14:17 |
2012-11-20 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245163
|
4.4 |
MEDIUM
|
gnome
|
gnome-keyring
|
GNOME gnome-keyring 3.4.0 through 3.4.1, when gpg-cache-method is set to "idle" or "timeout," does not properly limit the amount of time a passphrase is cached, which allows attackers to have an unsp…
|
CWE-264
Permissions, Privileges, and Access Control
|
CVE-2012-3466
|
2013-12-5 14:15 |
2012-10-23 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245164
|
7.2 |
HIGH
|
novell
|
suse_linux_enterprise_for_sap_applications
|
Race condition in sap_suse_cluster_connector before 1.0.0-0.8.1 in SUSE Linux Enterprise for SAP Applications 11 SP2 allows local users to have an unspecified impact via vectors related to a tmp/ dir…
|
CWE-362
Race Condition
|
CVE-2012-0426
|
2013-12-3 09:37 |
2013-12-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245165
|
4.4 |
MEDIUM
|
opensuse
|
zypper
|
zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in th…
|
NVD-CWE-noinfo
|
CVE-2012-0420
|
2013-12-3 09:03 |
2013-12-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245166
|
3.3 |
LOW
|
checkpoint
|
endpoint_security
|
Unlock.exe in Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not associate password failures with a device ID, which makes it easier for physically proximate attac…
|
CWE-255
Credentials Management
|
CVE-2013-5636
|
2013-12-3 02:29 |
2013-11-30 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245167
|
3.3 |
LOW
|
checkpoint
|
endpoint_security
|
Media Encryption EPM Explorer in Check Point Endpoint Security through E80.50 does not properly maintain the state of password failures, which makes it easier for physically proximate attackers to by…
|
CWE-255
Credentials Management
|
CVE-2013-5635
|
2013-12-3 01:20 |
2013-11-30 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245168
|
6.8 |
MEDIUM
|
joomla
|
joomla\!
|
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended …
|
CWE-20
Improper Input Validation
|
CVE-2013-5576
|
2013-12-1 13:31 |
2013-10-9 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245169
|
7.1 |
HIGH
|
david_king canonical
|
vino ubuntu_linux
|
The vino_server_client_data_pending function in vino-server.c in GNOME Vino 2.26.1, 2.32.1, 3.7.3, and earlier, and 3.8 when encryption is disabled, does not properly clear client data when an error …
|
CWE-20
Improper Input Validation
|
CVE-2013-5745
|
2013-12-1 13:31 |
2013-10-2 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245170
|
4.0 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle WebCenter Sites component in Oracle Fusion Middleware 7.6.2, 11.1.1.6.0, and 11.1.1.6.1 allows remote authenticated users to affect integrity via unknown vecto…
|
NVD-CWE-noinfo
|
CVE-2013-1509
|
2013-12-1 13:27 |
2013-04-17 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245171
|
6.5 |
MEDIUM
|
postgresql canonical
|
postgresql ubuntu_linux
|
Argument injection vulnerability in PostgreSQL 9.2.x before 9.2.4, 9.1.x before 9.1.9, and 9.0.x before 9.0.13 allows remote attackers to cause a denial of service (file corruption), and allows remot…
|
CWE-94
Code Injection
|
CVE-2013-1899
|
2013-12-1 13:27 |
2013-04-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245172
|
6.5 |
MEDIUM
|
postgresql canonical
|
postgresql ubuntu_linux
|
Per http://www.ubuntu.com/usn/USN-1789-1/
"A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.10
Ubuntu 12.04 LTS
Ubuntu 11.10
Ubuntu 10.04 LTS
Ubuntu 8.04 LTS"
|
CWE-94
Code Injection
|
CVE-2013-1899
|
2013-12-1 13:27 |
2013-04-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245173
|
4.0 |
MEDIUM
|
postgresql canonical
|
postgresql ubuntu_linux
|
PostgreSQL 9.2.x before 9.2.4 and 9.1.x before 9.1.9 does not properly check REPLICATION privileges, which allows remote authenticated users to bypass intended backup restrictions by calling the (1) …
|
CWE-264
Permissions, Privileges, and Access Control
|
CVE-2013-1901
|
2013-12-1 13:27 |
2013-04-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245174
|
4.0 |
MEDIUM
|
postgresql canonical
|
postgresql ubuntu_linux
|
Per http://www.ubuntu.com/usn/USN-1789-1/
"A security issue affects these releases of Ubuntu and its derivatives:
Ubuntu 12.10
Ubuntu 12.04 LTS
Ubuntu 11.10
Ubuntu 10.04 LTS
Ubuntu 8.04 LTS"
|
CWE-264
Permissions, Privileges, and Access Control
|
CVE-2013-1901
|
2013-12-1 13:27 |
2013-04-5 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245175
|
5.1 |
MEDIUM
|
haproxy
|
haproxy
|
Buffer overflow in HAProxy 1.4 through 1.4.22 and 1.5-dev through 1.5-dev17, when HTTP keep-alive is enabled, using HTTP keywords in TCP inspection rules, and running with rewrite rules that appends …
|
CWE-119
Buffer Errors
|
CVE-2013-1912
|
2013-12-1 13:27 |
2013-04-11 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245176
|
3.3 |
LOW
|
xen
|
xen
|
qemu-nbd in QEMU, as used in Xen 4.2.x, determines the format of a raw disk image based on the header, which allows local guest OS administrators to read arbitrary files on the host by modifying the …
|
CWE-264
Permissions, Privileges, and Access Control
|
CVE-2013-1922
|
2013-12-1 13:27 |
2013-05-14 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245177
|
6.8 |
MEDIUM
|
x
|
libxfixes
|
Integer overflow in X.org libXfixes 5.0 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XFixesGetCursorImage function.
|
CWE-189
Numeric Errors
|
CVE-2013-1983
|
2013-12-1 13:27 |
2013-06-16 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245178
|
6.8 |
MEDIUM
|
x
|
libxinerama
|
Integer overflow in X.org libXinerama 1.1.2 and earlier allows X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the XineramaQueryScreens function.
|
CWE-20
Improper Input Validation
|
CVE-2013-1985
|
2013-12-1 13:27 |
2013-06-16 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245179
|
6.8 |
MEDIUM
|
x
|
libxrandr
|
Multiple integer overflows in X.org libXrandr 1.4.0 and earlier allow X servers to trigger allocation of insufficient memory and a buffer overflow via vectors related to the (1) XRRQueryOutputPropert…
|
CWE-189
Numeric Errors
|
CVE-2013-1986
|
2013-12-1 13:27 |
2013-06-16 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245180
|
6.8 |
MEDIUM
|
x
|
libx11
|
Multiple buffer overflows in X.org libX11 1.5.99.901 (1.6 RC1) and earlier allow X servers to cause a denial of service (crash) and possibly execute arbitrary code via crafted length or index values …
|
CWE-119
Buffer Errors
|
CVE-2013-1997
|
2013-12-1 13:27 |
2013-06-16 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245181
|
6.5 |
MEDIUM
|
tinc-vpn
|
tinc
|
Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or po…
|
CWE-119
Buffer Errors
|
CVE-2013-1428
|
2013-12-1 13:26 |
2013-04-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245182
|
5.0 |
MEDIUM
|
cisco
|
ios_xr
|
The SNMP module in Cisco IOS XR allows remote attackers to cause a denial of service (process reload) via a request for an unspecified MIB, aka Bug ID CSCuh43144.
|
CWE-20
Improper Input Validation
|
CVE-2013-6700
|
2013-11-29 23:52 |
2013-11-29 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245183
|
10.0 |
HIGH
|
thomsonreuters
|
velocity_analytics_vhayu_analytic_server
|
VhttpdMgr in Thomson Reuters Velocity Analytics Vhayu Analytic Server 6.94 build 2995 allows remote attackers to execute arbitrary code via a URL in the fileName parameter during an importFile action.
|
CWE-94
Code Injection
|
CVE-2013-5912
|
2013-11-29 23:18 |
2013-11-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245184
|
4.3 |
MEDIUM
|
jahia
|
jahia_xcm
|
Multiple cross-site scripting (XSS) vulnerabilities in Jahia xCM 6.6.1.0 before hotfix 7 allow remote attackers to inject arbitrary web script or HTML via (1) the site parameter to engines/manager.js…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-4624
|
2013-11-29 22:40 |
2013-11-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245185
|
5.0 |
MEDIUM
|
jahia
|
jahia_xcm
|
Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via …
|
CWE-200
Information Exposure
|
CVE-2013-4617
|
2013-11-29 22:38 |
2013-11-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245186
|
3.5 |
LOW
|
jahia
|
jahia_xcm
|
Cross-site scripting (XSS) vulnerability in Jahia xCM before 6.6.2 allows remote authenticated users to inject arbitrary web script or HTML via the "about me" field.
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-3920
|
2013-11-29 22:35 |
2013-11-28 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245187
|
6.8 |
MEDIUM
|
sybase
|
adaptive_server_enterprise
|
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to …
|
NVD-CWE-noinfo
|
CVE-2013-6860
|
2013-11-28 01:49 |
2013-11-24 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245188
|
4.9 |
MEDIUM
|
sybase
|
adaptive_server_enterprise
|
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain s…
|
NVD-CWE-noinfo
|
CVE-2013-6861
|
2013-11-28 01:45 |
2013-11-24 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245189
|
7.8 |
HIGH
|
sybase
|
adaptive_server_enterprise
|
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a de…
|
NVD-CWE-noinfo
|
CVE-2013-6862
|
2013-11-28 01:44 |
2013-11-24 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245190
|
9.0 |
HIGH
|
sybase
|
adaptive_server_enterprise
|
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to gain privileges via un…
|
CWE-264
Permissions, Privileges, and Access Control
|
CVE-2013-6863
|
2013-11-28 01:42 |
2013-11-24 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245191
|
9.0 |
HIGH
|
sybase
|
adaptive_server_enterprise
|
SAP Sybase Adaptive Server Enterprise (ASE) before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code via un…
|
CWE-94
Code Injection
|
CVE-2013-6866
|
2013-11-28 01:41 |
2013-11-24 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245192
|
6.1 |
MEDIUM
|
sybase
|
adaptive_server_enterprise
|
Directory traversal vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenti…
|
CWE-22
Path Traversal
|
CVE-2013-6864
|
2013-11-28 01:40 |
2013-11-24 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245193
|
4.3 |
MEDIUM
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject ar…
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-4573
|
2013-11-28 01:30 |
2013-11-26 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245194
|
4.3 |
MEDIUM
|
splunk
|
splunk
|
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk before 5.0.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-6870
|
2013-11-28 01:19 |
2013-11-26 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245195
|
4.3 |
MEDIUM
|
cisco
|
prime_network_registrar
|
Cross-site scripting (XSS) vulnerability in the web interface in Cisco Prime Network Registrar 8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via a crafted field, aka …
|
CWE-79
Cross-Site Scripting (XSS)
|
CVE-2013-3394
|
2013-11-28 00:21 |
2013-11-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245196
|
7.5 |
HIGH
|
nagios
|
nagios_xi
|
SQL injection vulnerability in functions/prepend_adm.php in Nagios Core Config Manager in Nagios XI before 2012R2.4 allows remote attackers to execute arbitrary SQL commands via the tfPassword parame…
|
CWE-89
SQL Injection
|
CVE-2013-6875
|
2013-11-27 23:58 |
2013-11-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245197
|
9.3 |
HIGH
|
vortexgroup
|
light_alloy
|
Stack-based buffer overflow in Vortex Light Alloy before 4.7.4 allows remote attackers to execute arbitrary code via a long URL in a .m3u file.
|
CWE-119
Buffer Errors
|
CVE-2013-6874
|
2013-11-27 23:49 |
2013-11-27 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245198
|
7.1 |
HIGH
|
sybase
|
adaptive_server_enterprise
|
Unspecified vulnerability in SAP Sybase Adaptive Server Enterprise (ASE) 15.7 before 15.7 SP50 or 15.7 SP100 allows remote attackers to cause a denial of service via unspecified vectors.
|
NVD-CWE-noinfo
|
CVE-2013-6867
|
2013-11-26 12:26 |
2013-11-24 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245199
|
7.8 |
HIGH
|
sybase
|
adaptive_server_enterprise
|
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows local users to obtain sensitive information via unsp…
|
CWE-200
Information Exposure
|
CVE-2013-6868
|
2013-11-26 04:53 |
2013-11-24 |
View
|
GitHub
Exploit DB
Packet Storm
|
|
245200
|
9.0 |
HIGH
|
sybase
|
adaptive_server_enterprise
|
SAP Sybase Adaptive Server Enterprise (ASE) 15.0.3 before 15.0.3 ESD#4.3, 15.5 before 15.5 ESD#5.3, and 15.7 before 15.7 SP50 or 15.7 SP100 allows remote authenticated users to execute arbitrary code…
|
CWE-94
Code Injection
|
CVE-2013-6865
|
2013-11-26 04:44 |
2013-11-24 |
View
|
GitHub
Exploit DB
Packet Storm
|
|