4422 matches found
CVE-2013-3805
Disclaimer: This data contains information about vulnerable...
CVE-2013-3801
CVE-2013-3801 affects the MySQL Server component in Oracle MySQL 5.5.30 and earlier and 5.6.10. It is described as an unspecified vulnerability that remote authenticated users can exploit to affect availability via unknown vectors related to Server Options. The connected Nessus entries confirm mu...
CVE-2013-3795
CVE-2013-3795 concerns MySQL Server (Oracle MySQL) 5.6.11 and earlier, where a Data Manipulation Language related issue allows a remote authenticated user to affect availability. Connected sources provide concrete technical details: multiple PT Security advisories describe related MySQL Serv...
CVE-2013-3804
Unspecified vulnerability in the MySQL Server component in Oracle MySQL 5.1.69 and earlier, 5.5.31 and earlier, and 5.6.11 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer...
CVE-2013-0245
The printer friendly version functionality in the Book module in Drupal 6.x before 6.28 and 7.x before 7.19 does not properly restrict access to nodes that are part of a book outline, which allows remote authenticated users with the "access printer-friendly version" permission to read node titles...
Design/Logic Flaw
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors...
CVE-2013-2122
The Edit Limit module 7.x-1.x before 7.x-1.3 for Drupal does not properly restrict access to comments, which allows remote authenticated users with the "edit comments" permission to edit arbitrary comments of other users via unspecified vectors...
CVE-2013-0245
CVE-2013-0245 affects Drupal 6.x prior to 6.28 and 7.x prior to 7.19, where the printer-friendly version feature in the Book module does not properly restrict access to nodes in a book outline. Remote authenticated users with the “access printer-friendly version” permission can read node titles a...
CVE-2013-3428
The web interface in Cisco Secure Access Control System (ACS) does not properly suppress error-condition details, which allows remote authenticated users to obtain sensitive information via an unspecified request that triggers an error, aka Bug ID CSCue65957...
CVE-2013-3418
CVE-2013-3418 affects Cisco Unified Communications Domain Manager. The issue arises from improper memory allocation when handling crafted HTTP GET/POST requests to the management interface, allowing an authenticated remote attacker to exhaust memory and crash multiple processes, potentially takin...
CVE-2013-2200
WordPress before 3.5.2 does not properly check the capabilities of roles, which allows remote authenticated users to bypass intended restrictions on publishing and authorship reassignment via unspecified vectors...
Code injection
IBM Sterling B2B Integrator 5.1 and 5.2 and Sterling File Gateway 2.1 and 2.2 allow remote authenticated users to upload arbitrary files via unspecified vectors...
CVE-2013-3020
CVE-2013-3020 is an Information Disclosure vulnerability in IBM Sterling B2B Integrator (versions 5.1/5.2/5.0) and IBM Sterling File Gateway (versions 2.1/2.2/2.0). The IBM bulletin attributes this to disclosure of application implementation details via unspecified vectors. Affected products/vers...
CVE-2013-2983
CVE-2013-2983 is an XSS vulnerability affecting IBM Sterling B2B Integrator (versions 5.0–5.2) and IBM Sterling File Gateway (versions 2.0–2.2). The cross-site scripting flaw could allow a remote authenticated user to inject arbitrary web script or HTML via unspecified vectors. The connected IBM ...
Design/Logic Flaw
The Key Management feature in the SecureSphere Operations Manager (SOM) Management Server in Imperva SecureSphere 9.0.0.5 allows remote authenticated users to upload executable files via the (1) privatekey or (2) publickey parameter in a T/keyManagement request to plain/settings.html, as demonstrated b...
Design/Logic Flaw
HP SQL/MX 3.2 and earlier on NonStop servers, when SQL/MP Objects are used, allows remote authenticated users to obtain sensitive information via unspecified vectors, aka the "SQL/MP index" issue...
Foreman: app/controllers/users_controller.rb arbitrary admin user creation due to mass assignment
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changing the admin flag or (2) assigning an arbitrary role...
CVE-2013-1393
Cross-site scripting (XSS) vulnerability in the CurvyCorners module 6.x-1.x and 7.x-1.x for Drupal allows remote authenticated users with the "administer curvycorners" permission to inject arbitrary web script or HTML via unspecified vectors...
RUCKUS ADVISORY ID 031813-2: User authentication bypass vulnerability in ZoneDirector administrative web interface
RUCKUS ADVISORY ID 031813-2. Customer release date: March 25, 2013. Public release date: May 27, 2013. TITLE: User authentication bypass vulnerability in ZoneDirector administrative web interface. SUMMARY: A user authentication bypass vulnerability has bee...
CVE-2013-3959
The CVE-2013-3959 issue affects Siemens WinCC Web Navigator (before 7.2 Update 1, used in SIMATIC PCS7 8.0 SP1 and earlier). The root cause is improper handling of NetBIOS user name checks via crafted URL parameters, allowing remote authenticated users to enumerate valid user names (forced browsi...