Code injection
Unspecified vulnerability in HP System Management Homepage (SMH) before 7.2.1 allows remote authenticated users to cause a denial of service via unknown vectors...
CVE-2013-4819
Unspecified vulnerability in HP IceWall SSO Agent Option 8.0 through 10.0 allows remote authenticated users to obtain sensitive information via unknown vectors...
CVE-2013-4278
The "create an instance" API in OpenStack Compute (Nova) Folsom, Grizzly, and Havana does not properly enforce the os-flavor-access:is_public property, which allows remote authenticated users to boot arbitrary flavors by guessing the flavor id. NOTE: this issue is due to an incomplete fix for...
CVE-2013-1033
Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access...
Design/Logic Flaw
Screen Lock in Apple Mac OS X before 10.8.5 does not properly track sessions, which allows remote authenticated users to bypass locking by leveraging screen-sharing access...
UBUNTU-CVE-2013-4340
wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter...
CVE-2013-5738
The get_allowed_mime_types function in wp-includes/functions.php in WordPress before 3.6.1 does not require the unfiltered_html capability for uploads of .htm and .html files, which might make it easier for remote authenticated users to conduct cross-site scripting (XSS) attacks via a crafted file...
CVE-2013-3031
A SQL stored procedure in the Universal Cache component in IBM solidDB 6.0.x before 6.0.1070, 6.3.x before 6.3.0.56, 6.5.x before 6.5.0.12, and 7.0.x before 7.0.0.4 allows remote authenticated users to cause a denial of service (uninitialized-memory access and daemon crash) via a call that includes...
CVE-2013-3596
AdvancePro Advanceware is affected by CVE-2013-3596. The vulnerability is a privilege bypass that allows remote authenticated users to view order information for other customers by manipulating the id parameter, causing information leakage (CWE-200). The issue arises from insufficient access cont...
Design/Logic Flaw
The web interface in the Intelligent Platform Management Interface (IPMI) implementation on Supermicro H8DC*, H8DG*, H8SCM-F, H8SGL-F, H8SM*, X7SP*, X8DT*, X8SI*, X9DAX-*, X9DB*, X9DR*, X9QR*, X9SBAA-F, X9SC*, X9SPU-F, and X9SR* devices allows remote authenticated users to execute arbitrary commands via shell...
CVE-2013-3608
The CVE-2013-3608 entry concerns the IPMI web interface in Supermicro devices (e.g., H8DC*/H8DG*/H8SCM-F/H8SGL-F/H8SM*, X7SP*/X8DT*/X8SI*/X9DAX-*/X9DB*/X9DR*/X9QR*/X9SBAA-F/X9SC*/X9SPU-F/X9SR*) where remote authenticated users can execute arbitrary commands via shell metacharacters in the config_d...
Design/Logic Flaw
Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to gain privileges via a modified userid value to unspecified functions...
CVE-2013-3602
SQL injection vulnerability in admindocumentworker.jsp in Coursemill Learning Management System (LMS) 6.6 allows remote authenticated users to execute arbitrary SQL commands via the docID parameter...
CVE-2012-6599
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.8 and 4.1.x before 4.1.1 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 33476...
CVE-2012-6600
The device-management command-line interface in Palo Alto Networks PAN-OS 4.0.x before 4.0.9 and 4.1.x before 4.1.2 allows remote authenticated users to execute arbitrary commands via unspecified vectors, aka Ref ID 34502...
CVE-2012-6604
The device-management command-line interface in Palo Alto Networks PAN-OS before 3.1.11 and 4.0.x before 4.0.9 allows remote authenticated users to execute arbitrary code via unspecified vectors, aka Ref ID 35249...
CVE-2012-6594
The CVE-2012-6594 issue affects Palo Alto Networks PAN-OS: PAN-OS versions prior to 3.1.11, 4.0.x prior to 4.0.8, and 4.1.x prior to 4.1.1 are vulnerable. The device-management CLI allows an authenticated, remote administrator to inject arbitrary shell commands via unspecified vectors. This can l...
CVE-2012-6591
Summary: CVE-2012-6591 affects Palo Alto Networks PAN-OS before 3.1.10 and 4.0.x before 4.0.5. The device-management CLI is vulnerable to command injection. Impact: remotely (via authenticated admin) execute arbitrary commands with potentially complete device compromise. Affected versions: PAN-OS...
CVE-2012-6598
Affected product: Palo Alto Networks PAN-OS 4.0.x (prior to 4.0.8). Vulnerability: device-management CLI allows authenticated remote users to execute arbitrary shell commands via unspecified vectors. Root cause / impact: command injection via the management interface could lead to arbitrary co...
CVE-2013-3474
The Web Administrator Interface on Cisco Wireless LAN Controller (WLC) devices allows remote authenticated users to cause a denial of service (device crash) by leveraging membership in the Full Manager managers group, Read Only managers group, or Lobby Ambassador managers group, and sending a request...