CVE-2013-3576
CVE-2013-3576 affects HP System Management Homepage (SMH); ginkgosnmp.inc uses the last URL path segment in an exec call, enabling remote authenticated users to execute arbitrary commands via PATH_INFO (e.g., snmhutil/snmpchp.php.en). Impact: remote code execution with full privileges on the HP S...
CVE-2013-1339
The Print Spooler in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows Server 2012, and Windows RT does not properly manage memory during deletion of printer connections, which allows remote authenticated users to execute arbitrary code via a craft...
PT-2013-3094 · Microsoft · Windows Vista Sp2 +7
Name of the Vulnerable Software and Affected Versions: Microsoft Windows Vista SP2; Microsoft Windows Server 2008 SP2 and R2 SP1; Microsoft Windows 7 SP1; Microsoft Windows 8; Microsoft Windows Server 2012; Microsoft Windows RT. Description: The issue is related to the Print Spooler in Microsoft Window...
MySQL Server Optimizer Component Unspecified Vulnerability
MySQL is prone to an unspecified vulnerability...
CVE-2013-0578
The Sterling Order Management APIs in IBM Sterling Multi-Channel Fulfillment Solution 8.0 before HF128 and IBM Sterling Selling and Fulfillment Foundation 8.5 before HF93, 9.0 before HF73, 9.1.0 before FP45, and 9.2.0 before FP17, when the API tester is enabled, do not require administrative...
CVE-2013-2308
CVE-2013-2308 affects SoftBank Online Service Gate components: the OWA Helper and OSG Lite. The vulnerability allows remote authenticated users to obtain their own Office 365 passwords, thereby bypassing a platform restriction, via unspecified vectors. This is documented in multiple sources (NVD...
CVE-2013-3510
Multiple SQL injection vulnerabilities in GroundWork Monitor Enterprise 6.7.0 allow remote authenticated users to execute arbitrary SQL commands via (1) nedi/html/System-Export.php, (2) nedi/html/Devices-List.php, or (3) the Noma component...
Directory traversal
Directory traversal vulnerability in monarch.cgi in the MONARCH component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to overwrite arbitrary files by leveraging access to the nagios account...
Design/Logic Flaw
html/System-Files.php in the System File Overview feature in the NeDi component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to execute arbitrary commands via vectors involving file editing...
CVE-2013-3507
The CVE-2013-3507 issue affects GroundWork Monitor Enterprise 6.7.0 via the NeDi component. The vulnerability allows remote authenticated users to disclose sensitive information by directly requesting one of three resources: (1) a configuration file, (2) a database dump, or (3) the Tomcat status ...
CVE-2013-3056
Joomla! 2.5.x before 2.5.10 and 3.0.x before 3.0.4 are affected by CVE-2013-3056 due to inadequate permission checks, enabling remote authenticated users to bypass privileges and delete arbitrary private messages. Root cause: insufficient access control enforcement on message deletion. Impact: un...
DEBIAN-CVE-2013-1846
The mod_dav_svn Apache HTTPD server module in Subversion 1.6.x before 1.6.21 and 1.7.0 through 1.7.8 allows remote authenticated users to cause a denial of service (NULL pointer dereference and crash) via a LOCK on an activity URL...
CVE-2013-2944
strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature...
UBUNTU-CVE-2013-2944
strongSwan 4.3.5 through 5.0.3, when using the OpenSSL plugin for ECDSA signature verification, allows remote attackers to authenticate as other users via an invalid signature...
Design/Logic Flaw
The ISHMED-PATREDTRANSACTRFCCALL function in the IS-H (Industry-Specific Component Hospital) subsystem in SAP Healthcare Industry Solution, and the SAP ERP central component (aka ECC) 6, allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors...
Design/Logic Flaw
The CP_RC_TRANSACTION_CALL_BY_SET function in the Engineering Workbench component in SAP Production Planning and Control allows remote authenticated users to bypass intended transaction restrictions via unspecified vectors...
CVE-2013-3062
CVE-2013-3062 affects SAP Production Planning and Control, specifically the Engineering Workbench component. The vulnerability lies in the function CP_RC_TRANSACTION_CALL_BY_SET, which can allow remote authenticated users to bypass transaction restrictions. Impact is privilege escalation, with a ...
CVE-2013-1428
Stack-based buffer overflow in the receive_tcppacket function in net_packet.c in tinc before 1.0.21 and 1.1 before 1.1pre7 allows remote authenticated peers to cause a denial of service (crash) or possibly execute arbitrary code via a large TCP packet...
mysql: unspecified vulnerability related to Server (CPU April 2013)
Unspecified vulnerability in Oracle MySQL 5.1.67 and earlier and 5.5.29 and earlier allows remote authenticated users to affect confidentiality, integrity, and availability via unknown vectors...