CVE-2013-4404
cumin in Red Hat Enterprise MRG Grid 2.4 does not properly enforce user roles, which allows remote authenticated users to bypass intended role restrictions and obtain sensitive information or perform privileged operations via unspecified vectors...
CVE-2013-4044
IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote authenticated users to read application log files via a direct HTTP request...
CVE-2013-5426
CVE-2013-5426 affects IBM InfoSphere Master Data Management - Collaborative Edition (11.0, 10.1, 10.0) and IBM InfoSphere Master Data Management Server for Product Information Management (9.0, 9.1). The issue is a session-fixation vulnerability that could allow an authenticated attacker to hijack...
Sql injection
Multiple SQL injection vulnerabilities in /admin/cgi-bin/rpc/doReport/18 in McAfee Email Gateway 7.6 allow remote authenticated users to execute arbitrary SQL commands via the (1) eventscol, (2) eventid, (3) reason, (4) eventsorder, (5) emailstatusorder, or (6) emailstatuscol JSON keys...
Session fixation
The ISL Desktop plugin for Windows before 1.4.7 for ISL Light 3.5.4 and earlier allows remote authenticated users to obtain sensitive information by pasting the clipboard contents that have been copied by another user in the session...
CVE-2013-6237
The CVE-2013-6237 entry concerns the ISL Desktop plugin for Windows prior to version 1.4.7 used with ISL Light 3.5.4 and earlier. The vulnerability allows remote authenticated users in a shared session to obtain sensitive data by pasting clipboard contents copied by another user in the same sessi...
Sql injection
SQL injection vulnerability in the check_user_password function in main/auth/profile.php in Chamilo LMS 1.9.6 and earlier, when using the non-encrypted passwords mode set at installation, allows remote authenticated users to execute arbitrary SQL commands via the "password0" parameter...
OpenJDK: insufficient escaping of window title string (Javadoc, 8016675)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc...
kernel: dm: dm-snapshot data leak
Interpretation conflict in drivers/md/dm-snap-persistent.c in the Linux kernel through 3.11.6 allows remote authenticated users to obtain sensitive information or modify data via a crafted mapping to a snapshot block device...
Ubuntu 12.04 LTS : linux-lts-saucy vulnerabilities (USN-2042-1)
A flaw was discovered in the Linux kernel's dm snapshot facility. A remote authenticated user could exploit this flaw to obtain sensitive information or modify/corrupt data. CVE-2013-4299 Hannes Frederic Sowa discovered a flaw in the Linux kernel's UDP Fragmentation Offload (UFO). An unprivileged...
CVE-2012-6150
The winbind_name_list_to_sid_string_list function in nsswitch/pam_winbind.c in Samba through 4.1.2 handles invalid require_membership_of group names by accepting authentication by any user, which allows remote authenticated users to bypass intended access restrictions in opportunistic circumstances by...
CVE-2013-4524
Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read arbitrary files via a .. (dot dot) in a path...
CVE-2013-4485
389 Directory Server 1.2.11.15 (aka Red Hat Directory Server before 8.2.11-14) allows remote authenticated users to cause a denial of service (crash) via multiple @ characters in a GER attribute list in a search request...
Code injection
Cisco IOS XE 3.8S.2 and earlier does not properly use a DHCP pool during assignment of an IP address, which allows remote authenticated users to cause a denial of service (device reload) via an AAA packet that triggers an address requirement, aka Bug ID CSCuh04949...
PT-2013-1033 · Oracle +5 · Mysql Server +5
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 5.1.71 and earlier; Oracle MySQL versions 5.5.33 and earlier; Oracle MySQL versions 5.6.13 and earlier. Description: The issue is related to the MySQL Server component in Oracle MySQL, specifically the Optimizer subcomponen...
CVE-2013-5730
Multiple cross-site request forgery (CSRF) vulnerabilities in D-Link DSL-2740B Gateway with firmware EU1.00 allow remote attackers to hijack the authentication of administrators for requests that (1) enable or disable Wireless MAC Address Filters via a wlFltMode action to wlmacflt.cmd, (2) enable or...
CVE-2013-4843
Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors...
Directory traversal
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.11 and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222...
CVE-2013-5418
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...