CVE-2013-4843
Unspecified vulnerability in HP Integrated Lights-Out 4 (iLO4) with firmware before 1.32 allows remote authenticated users to obtain sensitive information via unknown vectors...
Directory traversal
Directory traversal vulnerability in the license-upload interface in the Enterprise License Manager (ELM) component in Cisco Unified Communications Manager 9.11 and earlier allows remote authenticated users to create arbitrary files via a crafted path, aka Bug ID CSCui58222...
CVE-2013-5418
Cross-site scripting (XSS) vulnerability in the Administrative console in IBM WebSphere Application Server (WAS) 7.0 before 7.0.0.31, 8.0 before 8.0.0.8, and 8.5 before 8.5.5.1 allows remote authenticated users to inject arbitrary web script or HTML via a crafted URL...
CVE-2013-3406
The "Files Available for Download" implementation in the Cisco Intelligent Automation for Cloud component in Cisco Services Portal 9.4(1) allows remote authenticated users to read arbitrary files via a crafted request, aka Bug ID CSCug65687...
CVE-2013-4843
HP Integrated Lights-Out 4 (iLO4) vulnerability CVE-2013-4843 affects firmware before 1.32. Remote authenticated users may disclose sensitive information via unknown vectors over the network; impact is information disclosure with no confidentiality/integrity changes stated. HP's security bulletin...
CVE-2013-3406
The CVE-2013-3406 issue affects Cisco Services Portal’s Cisco Intelligent Automation for Cloud component (9.4(1)). The vulnerability, tracked as Bug CSCug65687, allows remote authenticated users to read arbitrary files via crafted requests due to insufficient server-side input validation in the "...
Code injection
The Enterprise Meeting Server in IBM Lotus Sametime 8.5.2 and 8.5.2.1 allows remote authenticated users to spoof the origin of chat messages, or compose anonymous chat messages, by leveraging meeting-attendance privileges...
CVE-2013-3045
IBM Lotus Sametime Enterprise Meeting Server versions 8.5.2 and 8.5.2.1 are described as vulnerable to remote-authenticated users who can share crafted links via the Library function. The available documents identify the affected product and feature but do not disclose the underlying root cause d...
CVE-2013-4050
IBM Domino Web Administrator (webadmin.nsf) on Domino 8.5.x and 9.0.x is affected by a Cross-Site Request Forgery (CSRF) vulnerability that allows a remote authenticated user to hijack the authentication of unspecified victims via unknown vectors. The initial sources do not provide a concrete exp...
CVE-2013-4987
CVE-2013-4987 affects PineApp Mail-SeCure pre-3.70. It is a local privilege-escalation via an access-control failure: a non-privileged user can obtain a root shell by sending a crafted command in the Mail-SeCure console (example: pa_cli system ping /bin/sh). Root access is achieved locally; all v...
OpenJDK: insufficient escaping of window title string (Javadoc, 8016675)
Unspecified vulnerability in Oracle Java SE 7u40 and earlier, Java SE 6u60 and earlier, Java SE 5.0u51 and earlier, JRockit R28.2.8 and earlier, JRockit R27.7.6 and earlier, and JavaFX 2.2.40 and earlier allows remote authenticated users to affect integrity via unknown vectors related to Javadoc...
CVE-2013-4439
Salt (aka SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key...
PYSEC-2013-12
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...
CVE-2013-4435
Salt (aka SaltStack) 0.15.0 through 0.17.0 allows remote authenticated users who are using external authentication or client ACL to execute restricted routines by embedding the routine in another routine...
CVE-2013-4435
Salt (SaltStack) CVE-2013-4435 affects versions 0.15.0–0.17.0 where remote authenticated users with external authentication or client ACLs can embed a routine inside another to execute restricted routines. The vulnerability stems from insufficient access control/argument handling in multiple modu...
CVE-2013-4439
Salt (SaltStack) before 0.15.0 through 0.17.0 allows remote authenticated minions to impersonate arbitrary minions via a crafted minion with a valid key. Affected versions: up to 0.17.0. Impact: impersonation by an authenticated minion. Remediation: upgrade to 0.17.1 or later (e.g., Fedora adviso...
CVE-2013-3285
The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources...
Authentication flaw
The NetWorker Management Console (NMC) in EMC NetWorker 8.0.x before 8.0.2.3, when using Active Directory/LDAP for authentication, allows remote authenticated users to discover cleartext administrator passwords via (1) unspecified NMC audit reports or (2) requests to RAP resources...
DEBIAN-CVE-2013-4185
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of...