CVE-2013-5525
SQL injection vulnerability in the web framework in Cisco Identity Services Engine (ISE) 1.2 and earlier allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors, aka Bug ID CSCug90502...
[security bulletin] HPSBGN02930 rev.1 - HP Intelligent Management Center (iMC) and HP IMC Service Operation Management Software Module, Remote Authentication Bypass, Disclosure of Information, Unauthorized Access, SQL Injection
Note: the current version of the following document is available here: https://h20564.www2.hp.com/portal/site/hpsc/public/kb/docDisplay?docId=emrna-c03943547 SUPPORT COMMUNICATION - SECURITY BULLETIN Document ID: c03943547 Version: 1 HPSBGN02930 rev....
VulnCheck KEV: CVE-2013-5576
administrator/components/com_media/helpers/media.php in the media manager in Joomla! 2.5.x before 2.5.14 and 3.x before 3.1.5 allows remote authenticated users or remote attackers to bypass intended access restrictions and upload files with dangerous extensions via a filename with a trailing...
CVE-2012-4090
The management interface in Cisco NX-OS on Nexus 7000 devices allows remote authenticated users to obtain sensitive configuration-file information by leveraging the network-operator role, aka Bug ID CSCti09089...
CVE-2012-4090
CVE-2012-4090 affects Cisco NX-OS Software on Nexus 7000 devices. The vulnerability arises from improper sanitization of configuration files that are viewable by users with the network-operator role via the management interface. As a result, remote authenticated users could obtain sensitive confi...
AZL-6692 CVE-2012-5627 affecting package mysql for versions less than 8.0.24-1
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 do not modify the salt during multiple executions of the change_user command within the same connection, which makes it easier for remote authenticated users to conduct brute force password guessing attacks...
UBUNTU-CVE-2012-5627
Oracle MySQL and MariaDB 5.5.x before 5.5.29, 5.3.x before 5.3.12, and 5.2.x before 5.2.14 do not modify the salt during multiple executions of the change_user command within the same connection, which makes it easier for remote authenticated users to conduct brute force password guessing attacks...
CVE-2012-5627
CVE-2012-5627 affects Oracle MySQL and MariaDB where the salt is not changed during multiple executions of the CHANGE_USER command within the same MySQL/MariaDB connection. This allows remote authenticated users to more easily brute-force passwords. Affected versions include MySQL/MariaDB: 5.5.x ...
CVE-2013-5382
IBM Maximo Asset Management 6.2 through 6.2.8, 7.1 before 7.1.1.12, and 7.5 before 7.5.0.5 allows remote authenticated users to gain privileges via unspecified vectors, a different vulnerability than CVE-2013-5383...
CVE-2013-5383
CVE-2013-5383 affects IBM Maximo Asset Management and related products (7.5, 7.1, 6.2 families; including Essentials and various industry solutions) with remote authenticated privilege escalation via unspecified vectors. The IBM Security Flash (Sept 2013) enumerates affected releases and provides...
CVE-2013-3971
IBM Maximo Asset Management 7.1 through 7.1.1.12 and 7.5 before 7.5.0.5 allows remote authenticated users to bypass intended access restrictions via unspecified vectors, a different vulnerability than CVE-2013-3049...
CVE-2013-5516
The Media Snapshot implementation on Cisco TelePresence Multipoint Switch (CTMS) devices allows remote authenticated users to cause a denial of service (device reload) by sending many Media Snapshot requests at the time of a meeting termination, aka Bug ID CSCuh44796...
PT-2013-3452 · Mongodb · Mongodb
Name of the Vulnerable Software and Affected Versions: MongoDB versions prior to 2.0.9; MongoDB versions 2.2.x prior to 2.2.4. Description: The issue is related to improper validation of requests to the nativeHelper function in SpiderMonkey. This allows remote authenticated users to cause a denial ...
CVE-2013-4297
The virFileNBDDeviceAssociate function in util/virfile.c in libvirt 1.1.2 and earlier allows remote authenticated users to cause a denial of service (uninitialized pointer dereference and crash) via unspecified vectors...
CVE-2013-4222
OpenStack Identity (Keystone) Folsom, Grizzly 2013.1.3 and earlier, and Havana before havana-3 does not properly revoke user tokens when a tenant is disabled, which allows remote authenticated users to retain access via the token...
CVE-2013-5692
CVE-2013-5692 affects X2CRM/X2Engine before 3.5. A PHP file inclusion flaw arises from insufficient sanitization of the file parameter in /index.php/admin/translationManager, allowing a remote authenticated administrator to traverse directories and include/execute local files. Public details conf...
Authentication flaw
The Baseboard Management Controller (BMC) in Cisco Unified Computing System (UCS) does not properly handle SSH escape sequences, which allows remote authenticated users to bypass an unspecified authentication step via SSH port forwarding, aka Bug ID CSCtg17656...
Unrestricted file upload
The mobile-upload feature in Esri ArcGIS for Server 10.1 through 10.2 allows remote authenticated users to upload .exe files by leveraging (1) publisher or (2) administrator privileges...
CVE-2013-5221
The CVE-2013-5221 issue affects Esri ArcGIS for Server (versions 10.1–10.2) via the mobile-upload feature. Remote authenticated users who have publisher or administrator privileges can upload executable (.exe) files, representing an unrestricted file upload risk. The reported impact is limited to...
CVE-2013-4821
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors...