4422 matches found

CVE
added 2014/03/14 4:0 p.m. | 65 views

CVE-2013-1963

The CVE-2013-1963 entry describes a vulnerability in the ownCloud Contacts app where ownership of contacts is not properly enforced, allowing remote authenticated users to download arbitrary contacts via unspecified vectors. Affected versions are ownCloud before 4.5.10 and 5.x before 5.0.5. The u...

4 CVSS | 6.3 AI score | 0.01422 EPSS
Exploits: 0 | References: 1 | Affected Software: 2

Prion
added 2014/03/14 3:55 p.m. | 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) sitename or (2) siteurl parameter to apps/external/ajax/setsites.php...

3.5 CVSS | 5.7 AI score | 0.00819 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

RedHat Linux
added 2014/03/13 7:21 p.m. | 3 views

389-ds: flaw in parsing authzid can lead to privilege escalation

The SASL authentication functionality in 389 Directory Server before 1.2.11.26 allows remote authenticated users to connect as an arbitrary user and gain privileges via the authzid parameter in a SASL/GSSAPI bind...

6.5 CVSS | 5.9 AI score | 0.0219 EPSS
Exploits: 2 | References: 4

PyPA
added 2014/03/11 7:37 p.m. | 6 views

PYSEC-2014-61

memberportrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors...

5.5 CVSS | 6.9 AI score | 0.01245 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

PyPA
added 2014/03/11 7:37 p.m. | 8 views

PYSEC-2014-56

sendto.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to spoof emails via unspecified vectors...

4 CVSS | 6.8 AI score | 0.01086 EPSS
Exploits: 0 | References: 5 | Affected Software: 1

CVE
added 2014/03/11 3:0 p.m. | 48 views

CVE-2013-4197

Plone CVE-2013-4197 affects member_portrait.py in Plone 2.1–4.1, 4.2.x–4.2.5, and 4.3.x–4.3.1. The issue allows remote authenticated users to modify or delete portraits of other users via unspecified vectors due to an access-control weakness. No exploitation details or direct fix are provided in ...

5.5 CVSS | 6.3 AI score | 0.01245 EPSS
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2014/03/11 1:1 p.m. | 16 views

CVE-2014-0899

ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands...

6.5 CVSS | 6.2 AI score | 0.01859 EPSS
Exploits: 1 | References: 4

Prion
added 2014/03/11 1:1 p.m. | 14 views

Command injection

ftpd in IBM AIX 7.1.1 before SP10 and 7.1.2 before SP5, when a Workload Partition (aka WPAR) for AIX 5.2 or 5.3 is used, allows remote authenticated users to bypass intended permission settings and modify arbitrary files via FTP commands...

6.5 CVSS | 6.7 AI score | 0.01859 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2014/03/09 1:16 p.m. | 3 views

UBUNTU-CVE-2013-2046

SQL injection vulnerability in lib/bookmarks.php in ownCloud Server 4.5.x before 4.5.11 and 5.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

6.5 CVSS | 6.2 AI score | 0.01593 EPSS
Exploits: 0 | References: 3

Cvelist
added 2014/03/07 8:0 p.m. | 27 views

CVE-2013-2045

SQL injection vulnerability in lib/db.php in ownCloud Server 5.0.x before 5.0.6 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors...

7.7 AI score | 0.01593 EPSS
Exploits: 0 | References: 3

NVD
added 2014/03/06 3:55 p.m. | 19 views

CVE-2012-6619

The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON object in the column name in an insert command, which triggers a buffer over-read...

6.4 CVSS | 6.2 AI score | 0.03943 EPSS
Exploits: 1 | References: 8

NVD
added 2014/03/06 11:55 a.m. | 17 views

CVE-2013-6720

Directory traversal vulnerability in download.php in the Passive Capture Application (PCA) web console in IBM Tealeaf CX 7.x, 8.x through 8.6, 8.7 before FP2, and 8.8 before FP2 allows remote authenticated users to bypass intended access restrictions via a .. (dot dot) in the log parameter, as...

5.5 CVSS | 5.9 AI score | 0.28374 EPSS
Exploits: 5 | References: 3

CVE
added 2014/03/06 11:0 a.m. | 60 views

CVE-2013-6720

CVE-2013-6720 is a Local File Inclusion vulnerability in the IBM Tealeaf CX Passive Capture Application (PCA) web console (PHP) affecting builds 3611/3620 and possibly other 8.x versions. The issue allows a remote authenticated user to bypass access restrictions via a …/ log parameter, enabling d...

5.5 CVSS | 8.5 AI score | 0.28374 EPSS
Exploits: 5 | References: 3 | Affected Software: 1

NVD
added 2014/03/05 4:37 p.m. | 19 views

CVE-2014-2238

SQL injection vulnerability in the manage configuration page (admconfigreport.php) in MantisBT 1.2.13 through 1.2.16 allows remote authenticated administrators to execute arbitrary SQL commands via the filterconfigid parameter...

6.5 CVSS | 7.7 AI score | 0.11311 EPSS
Exploits: 8 | References: 6

Cvelist
added 2014/03/05 11:0 a.m. | 21 views

CVE-2013-6319

IBM Algo One, as used in MetaData Management Tools in UDS 4.7.0 through 5.0.0, ACSWeb in Algo Security Access Control Management 4.7.0 through 4.9.0, and ACSWeb in AlgoWebApps 5.0.0, allows remote authenticated users to bypass intended access restrictions and read content via unspecified vectors...

6 AI score | 0.00967 EPSS
Exploits: 1 | References: 2

Prion
added 2014/03/03 6:55 p.m. | 16 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the (1) callbackmulticheck, (2) callbackradio, and (3) callbackwysiwygin functions in mfrhclass.settings-api.php in the Media File Renamer plugin 1.7.0 for WordPress allow remote authenticated users with permissions to add media or edit media to inje...

2.1 CVSS | 5.8 AI score | 0.0158 EPSS
Exploits: 3 | References: 3 | Affected Software: 1

RedHat Linux
added 2014/02/27 6:23 p.m. | 1 view

postgresql: stack-based buffer overflow in datetime input/output

Multiple stack-based buffer overflows in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to cause a denial of service (crash) or possibly execute arbitrary code via vectors related to an incorrect...

6.5 CVSS | 7.5 AI score | 0.06666 EPSS
Exploits: 2 | References: 4

RedHat Linux
added 2014/02/27 6:23 p.m. | 3 views

postgresql: privilege escalation via procedural language validator functions

The validator functions for the procedural languages (PLs) in PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 allow remote authenticated users to gain privileges via a function that is (1) defined in another language or (2) not allowed to b...

6.5 CVSS | 6.9 AI score | 0.0493 EPSS
Exploits: 1 | References: 4

Prion
added 2014/02/27 1:55 a.m. | 7 views

Code injection

Cisco Unified Contact Center Express (Unified CCX) does not properly restrict the content of the CCMConfig page, which allows remote authenticated users to obtain sensitive information by examining this content, aka Bug ID CSCum95575...

4 CVSS | 6.2 AI score | 0.01318 EPSS
Exploits: 0 | References: 2

Prion
added 2014/02/27 1:55 a.m. | 20 views

Code injection

Cybozu Garoon 2.x through 2.5.4 and 3.x through 3.7 SP3 does not properly manage sessions, which allows remote authenticated users to impersonate arbitrary users via unspecified vectors...

4.9 CVSS | 6.8 AI score | 0.00962 EPSS
Exploits: 0 | References: 4 | Affected Software: 1