245201
|
6.8 |
MEDIUM
|
mozilla
|
bugzilla
|
Cross-site request forgery (CSRF) vulnerability in process_bug.cgi in Bugzilla 4.4.x before 4.4.1 allows remote attackers to hijack the authentication of arbitrary users for requests that modify bugs…
|
CWE-352
Same-origin policy violation
|
CVE-2013-1733
|
2013-10-25 08:29 |
2013-10-24 |
|
245202
|
4.3 |
MEDIUM
|
mozilla
|
bugzilla
|
Multiple cross-site scripting (XSS) vulnerabilities in editflagtypes.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allow remote att…
|
CWE-79
Cross-site scripting (XSS)
|
CVE-2013-1742
|
2013-10-25 08:29 |
2013-10-24 |
|
245203
|
4.3 |
MEDIUM
|
mozilla
|
bugzilla
|
Multiple cross-site scripting (XSS) vulnerabilities in report.cgi in Bugzilla 4.1.x and 4.2.x before 4.2.7 and 4.3.x and 4.4.x before 4.4.1 allow remote attackers to inject arbitrary web script or HT…
|
CWE-79
Cross-site scripting (XSS)
|
CVE-2013-1743
|
2013-10-25 08:28 |
2013-10-24 |
|
245204
|
5.0 |
MEDIUM
|
apple
|
safari
|
WebKit in Apple Safari before 6.1 disables the Private Browsing feature upon a launch of the Web Inspector, which makes it easier for context-dependent attackers to obtain browsing information by lev…
|
CWE-200
Information disclosure
|
CVE-2013-5130
|
2013-10-25 08:24 |
2013-10-24 |
|
245205
|
5.0 |
MEDIUM
|
cisco
|
secure_access_control_system
|
Cisco Secure Access Control System (ACS) does not properly implement an incoming-packet firewall rule, which allows remote attackers to cause a denial of service (process crash) via a flood of crafte…
|
CWE-20
Improper input validation
|
CVE-2013-5536
|
2013-10-25 08:23 |
2013-10-24 |
|
245206
|
7.2 |
HIGH
|
apple
|
keynote
|
Apple Keynote before 6.0 does not properly handle the interaction between Keynote presentation mode and the Screen Lock implementation, which allows physically proximate attackers to obtain access by…
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-5148
|
2013-10-25 03:24 |
2013-10-24 |
|
245207
|
6.8 |
MEDIUM
|
apple
|
os_x_server
|
The RADIUS service in Server App in Apple OS X Server before 3.0 selects a fallback X.509 certificate in unspecified circumstances, which might allow man-in-the-middle attackers to hijack RADIUS sess…
|
NVD-CWE-Other
|
CVE-2013-5143
|
2013-10-25 01:59 |
2013-10-24 |
|
245208
|
6.8 |
MEDIUM
|
mozilla
|
bugzilla
|
Cross-site request forgery (CSRF) vulnerability in attachment.cgi in Bugzilla 2.x, 3.x, and 4.0.x before 4.0.11; 4.1.x and 4.2.x before 4.2.7; and 4.3.x and 4.4.x before 4.4.1 allows remote attackers…
|
CWE-352
Same-origin policy violation
|
CVE-2013-1734
|
2013-10-25 01:35 |
2013-10-24 |
|
245209
|
4.3 |
MEDIUM
|
apple
|
mac_os_x
|
Smart Card Services in Apple Mac OS X before 10.9 does not properly implement certificate-revocation checks, which allows remote attackers to cause a denial of service (Smart Card usage outage) by in…
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-5190
|
2013-10-25 01:19 |
2013-10-24 |
|
245210
|
5.0 |
MEDIUM
|
dell
|
quest_one_password_manager
|
The Dell Quest One Password Manager, possibly 5.0, allows remote attackers to bypass CAPTCHA protections and obtain sensitive information (user's full name) by sending a login request with a valid do…
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-6246
|
2013-10-25 01:18 |
2013-10-24 |
|
245211
|
4.9 |
MEDIUM
|
apple
|
mac_os_x
|
The USB hub controller in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a request with a crafted (1) port or (2) port number.
|
CWE-20
Improper input validation
|
CVE-2013-5192
|
2013-10-25 01:10 |
2013-10-24 |
|
245212
|
2.1 |
LOW
|
apple
|
mac_os_x
|
The syslog implementation in Apple Mac OS X before 10.9 allows local users to obtain sensitive information by leveraging access to the Guest account and reading console-log messages from previous Gue…
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-5191
|
2013-10-25 01:05 |
2013-10-24 |
|
245213
|
4.0 |
MEDIUM
|
apple
|
mac_os_x
|
The Screen Lock implementation in Apple Mac OS X before 10.9, when hibernation and autologin are enabled, does not require a password for a transition out of hibernation, which allows physically prox…
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-5188
|
2013-10-25 00:51 |
2013-10-24 |
|
245214
|
1.9 |
LOW
|
apple
|
mac_os_x
|
The Screen Lock implementation in Apple Mac OS X before 10.9 does not immediately accept Keychain Status menu Lock Screen commands, and instead incorrectly relies on a certain timeout setting, which …
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-5187
|
2013-10-25 00:45 |
2013-10-24 |
|
245215
|
4.9 |
MEDIUM
|
apple
|
mac_os_x
|
Integer signedness error in the kernel in Apple Mac OS X before 10.9 allows local users to cause a denial of service (system crash) via a crafted tty read operation.
|
CWE-189
Numeric processing issues
|
CVE-2013-5174
|
2013-10-25 00:17 |
2013-10-24 |
|
245216
|
7.1 |
HIGH
|
apple
|
mac_os_x
|
The kernel in Apple Mac OS X before 10.9 does not properly determine the output length for SHA-2 digest function calls, which allows context-dependent attackers to cause a denial of service (panic) b…
|
CWE-189
Numeric processing issues
|
CVE-2013-5172
|
2013-10-25 00:09 |
2013-10-24 |
|
245217
|
3.3 |
LOW
|
apple
|
mac_os_x
|
CoreGraphics in Apple Mac OS X before 10.9 allows local users to bypass secure input mode and log an arbitrary application's keystrokes via a hotkey event registration.
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-5171
|
2013-10-25 00:06 |
2013-10-24 |
|
245218
|
5.0 |
MEDIUM
|
apple
|
mac_os_x
|
CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users vi…
|
CWE-16
Configuration
|
CVE-2013-5167
|
2013-10-24 23:54 |
2013-10-24 |
|
245219
|
4.9 |
MEDIUM
|
apple
|
mac_os_x
|
The Bluetooth USB host controller in Apple Mac OS X before 10.9 prematurely deletes interfaces, which allows local users to cause a denial of service (system crash) via a crafted application.
|
NVD-CWE-noinfo
|
CVE-2013-5166
|
2013-10-24 23:43 |
2013-10-24 |
|
245220
|
3.3 |
LOW
|
apple
|
iphone_os
|
Multiple race conditions in the Phone app in Apple iOS before 7.0.3 allow physically proximate attackers to bypass the locked state, and dial the telephone numbers in arbitrary Contacts entries, by v…
|
CWE-362
Race condition
|
CVE-2013-5164
|
2013-10-24 23:40 |
2013-10-24 |
|
245221
|
2.1 |
LOW
|
apple
|
iphone_os
|
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass the passcode-failure disabled state by leveraging certain incorrect visibility of the passcod…
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-5162
|
2013-10-24 23:27 |
2013-10-24 |
|
245222
|
3.3 |
LOW
|
apple
|
iphone_os
|
Passcode Lock in Apple iOS before 7.0.3 on iPhone devices allows physically proximate attackers to bypass an intended passcode requirement, and dial arbitrary telephone numbers, by tapping the emerge…
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-5144
|
2013-10-24 23:15 |
2013-10-24 |
|
245223
|
5.0 |
MEDIUM
|
apache
|
shindig
|
The gadget renderer in Apache Shindig 2.5.0 for PHP allows remote attackers to obtain sensitive information via an XML document containing an external entity declaration in conjunction with an entity…
|
CWE-200
Information disclosure
|
CVE-2013-4295
|
2013-10-24 22:57 |
2013-10-24 |
|
245224
|
6.9 |
MEDIUM
|
freebsd
|
freebsd
|
The (1) IPv6 and (2) ATM ioctl request handlers in the kernel in FreeBSD 8.3 through 9.2-STABLE do not validate SIOCSIFADDR, SIOCSIFBRDADDR, SIOCSIFDSTADDR, and SIOCSIFNETMASK requests, which allows …
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-5691
|
2013-10-24 12:48 |
2013-09-23 |
|
245225
|
3.7 |
LOW
|
freebsd
|
freebsd
|
The nullfs implementation in sys/fs/nullfs/null_vnops.c in the kernel in FreeBSD 8.3 through 9.2 allows local users with certain permissions to bypass access restrictions via a hardlink in a nullfs i…
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-5710
|
2013-10-24 12:48 |
2013-09-24 |
|
245226
|
4.3 |
MEDIUM
|
oracle
|
enterprise_manager_database_control enterprise_manager_grid_control enterprise_manager_plugin_for_database_control
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.…
|
NVD-CWE-noinfo
|
CVE-2013-5766
|
2013-10-24 12:48 |
2013-10-17 |
|
245227
|
4.3 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Containers for J2EE component in Oracle Fusion Middleware 10.1.3.5.0 allows remote attackers to affect integrity via unknown vectors related to Servlet Runtime.
|
NVD-CWE-noinfo
|
CVE-2013-5773
|
2013-10-24 12:48 |
2013-10-17 |
|
245228
|
4.3 |
MEDIUM
|
oracle
|
fusion_middleware
|
Per: http://www.oracle.com/technetwork/topics/security/cpuoct2013-1899837.html
"Please refer to MOS note https://support.oracle.com/epmos/faces/DocumentDisplay?id=1586861.1 for configuration."
|
NVD-CWE-noinfo
|
CVE-2013-5773
|
2013-10-24 12:48 |
2013-10-17 |
|
245229
|
4.3 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Identity Manager component in Oracle Fusion Middleware 11.1.2.0.0 and 11.1.2.1.0 allows remote attackers to affect integrity via unknown vectors related to End…
|
NVD-CWE-noinfo
|
CVE-2013-5798
|
2013-10-24 12:48 |
2013-10-17 |
|
245230
|
7.5 |
HIGH
|
oracle
|
identity_analytics sun_role_manager
|
Unspecified vulnerability in the Oracle Identity Analytics component in Oracle Fusion Middleware Oracle Identity Analytics 11.1.1.5 and Sun Role Manager 4.1 and 5.0 allows remote attackers to affect …
|
NVD-CWE-noinfo
|
CVE-2013-5815
|
2013-10-24 12:48 |
2013-10-17 |
|
245231
|
4.3 |
MEDIUM
|
oracle
|
enterprise_manager_plugin_for_database_control enterprise_manager_grid_control enterprise_manager_database_control
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.…
|
NVD-CWE-noinfo
|
CVE-2013-5827
|
2013-10-24 12:48 |
2013-10-17 |
|
245232
|
4.3 |
MEDIUM
|
oracle
|
enterprise_manager_database_control enterprise_manager_grid_control enterprise_manager_plugin_for_database_control
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.…
|
NVD-CWE-noinfo
|
CVE-2013-5828
|
2013-10-24 12:48 |
2013-10-17 |
|
245233
|
4.3 |
MEDIUM
|
oracle
|
enterprise_manager_grid_control enterprise_manager_plugin_for_database_control enterprise_manager_database_control
|
Unspecified vulnerability in the Enterprise Manager Base Platform component in Oracle Enterprise Manager Grid Control EM Base Platform 10.2.0.5 and 11.1.0.1; EM DB Control 11.1.0.7, 11.2.0.2, and 11.…
|
NVD-CWE-noinfo
|
CVE-2013-3762
|
2013-10-24 12:47 |
2013-10-17 |
|
245234
|
5.0 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Web Services component in Oracle Fusion Middleware 10.1.3.5.0 and 11.1.1.6.0 allows remote attackers to affect confidentiality via unknown vectors related to T…
|
NVD-CWE-noinfo
|
CVE-2013-3828
|
2013-10-24 12:47 |
2013-10-17 |
|
245235
|
5.5 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Portal component in Oracle Fusion Middleware 11.1.1.6.0 allows remote authenticated users to affect confidentiality and integrity via unknown vectors related t…
|
NVD-CWE-noinfo
|
CVE-2013-3831
|
2013-10-24 12:47 |
2013-10-17 |
|
245236
|
4.3 |
MEDIUM
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Access Manager component in Oracle Fusion Middleware 11.1.1.5.0 and 11.1.2.0.0 allows remote attackers to affect integrity via unknown vectors related to Authe…
|
NVD-CWE-noinfo
|
CVE-2013-3833
|
2013-10-24 12:47 |
2013-10-17 |
|
245237
|
3.5 |
LOW
|
oracle
|
fusion_middleware
|
Unspecified vulnerability in the Oracle Web Cache component in Oracle Fusion Middleware 11.1.1.6 and 11.1.1.7 allows remote authenticated users to affect confidentiality via vectors related to ESI/Pa…
|
NVD-CWE-noinfo
|
CVE-2013-3836
|
2013-10-24 12:47 |
2013-10-17 |
|
245238
|
5.1 |
MEDIUM
|
vmware
|
springsource_spring_security
|
Race condition in the RunAsManager mechanism in VMware SpringSource Spring Security before 2.0.7 and 3.0.x before 3.0.6 stores the Authentication object in the shared security context, which allows a…
|
CWE-362
Race condition
|
CVE-2011-2731
|
2013-10-24 12:32 |
2012-12-6 |
|
245239
|
4.0 |
MEDIUM
|
polarssl
|
polarssl
|
The Diffie-Hellman key-exchange implementation in dhm.c in PolarSSL before 0.14.2 does not properly validate a public parameter, which makes it easier for man-in-the-middle attackers to obtain the sh…
|
CWE-310
Cryptographic issues
|
CVE-2011-1923
|
2013-10-24 12:31 |
2012-06-21 |
|
245240
|
5.0 |
MEDIUM
|
perl
|
perl
|
Integer overflow in the regular expression engine in Perl 5.8.x allows context-dependent attackers to cause a denial of service (stack consumption and application crash) by matching a crafted regular…
|
CWE-189
Numeric processing issues
|
CVE-2010-1158
|
2013-10-24 12:22 |
2010-04-21 |
|
245241
|
7.2 |
HIGH
|
larry_wall
|
perl
|
Untrusted search path vulnerability in Perl before 5.8.7-r1 on Gentoo Linux allows local users in the portage group to gain privileges via a malicious shared object in the Portage temporary build dir…
|
NVD-CWE-Other
|
CVE-2005-4278
|
2013-10-24 10:56 |
2005-12-16 |
|
245242
|
6.8 |
MEDIUM
|
draytek
|
vigor_2700_router_firmware vigor_2700_router
|
The DrayTek Vigor 2700 router 2.8.3 allows remote attackers to execute arbitrary JavaScript code, and modify settings or the DNS cache, via a crafted SSID value that is not properly handled during in…
|
CWE-78
OS command injection
|
CVE-2013-5703
|
2013-10-23 12:22 |
2013-10-23 |
|
245243
|
2.6 |
LOW
|
apple
|
iphone_os
|
IOKit in Apple iOS before 7 allows attackers to send user-interface events to the foreground app by leveraging control over a background app and using the (1) task-completion API or (2) VoIP API.
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-5137
|
2013-10-23 05:04 |
2013-09-19 |
|
245244
|
7.8 |
HIGH
|
apple
|
iphone_os
|
The kernel in Apple iOS before 7 allows remote attackers to cause a denial of service (assertion failure and device restart) via an invalid packet fragment.
|
CWE-20
Improper input validation
|
CVE-2013-5140
|
2013-10-23 04:59 |
2013-09-19 |
|
245245
|
4.3 |
MEDIUM
|
apple
|
iphone_os
|
Mobile Safari in Apple iOS before 7 does not prevent HTML interpretation of a document served with a text/plain content type, which allows remote attackers to conduct cross-site scripting (XSS) attac…
|
CWE-79
Cross-site scripting (XSS)
|
CVE-2013-5151
|
2013-10-23 04:53 |
2013-09-19 |
|
245246
|
7.1 |
HIGH
|
apple
|
iphone_os
|
The Sandbox subsystem in Apple iOS before 7 allows attackers to cause a denial of service (infinite loop) via an application that writes crafted values to /dev/random.
|
CWE-20
Improper input validation
|
CVE-2013-5155
|
2013-10-23 04:52 |
2013-09-19 |
|
245247
|
4.3 |
MEDIUM
|
apple
|
iphone_os
|
The Telephony subsystem in Apple iOS before 7 does not require API conformity for access to telephony-daemon interfaces, which allows attackers to bypass intended restrictions on phone calls via a cr…
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-5156
|
2013-10-23 04:52 |
2013-09-19 |
|
245248
|
5.0 |
MEDIUM
|
apple
|
iphone_os
|
The Twitter subsystem in Apple iOS before 7 does not require API conformity for access to Twitter daemon interfaces, which allows attackers to post Tweets via a crafted app that sends direct requests…
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-5157
|
2013-10-23 04:26 |
2013-09-19 |
|
245249
|
2.1 |
LOW
|
apple
|
iphone_os
|
The Social subsystem in Apple iOS before 7 does not properly restrict access to the cache of Twitter icons, which allows physically proximate attackers to obtain sensitive information about recent Tw…
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-5158
|
2013-10-23 04:22 |
2013-09-19 |
|
245250
|
4.3 |
MEDIUM
|
apple
|
iphone_os
|
WebKit in Apple iOS before 7 allows remote attackers to bypass the Same Origin Policy and obtain potentially sensitive information about use of the window.webkitRequestAnimationFrame API via an IFRAM…
|
CWE-264
Authorization, privileges, and access control
|
CVE-2013-5159
|
2013-10-23 04:20 |
2013-09-19 |
|