PT-2013-3188 · Oracle +3 · Mysql Server +3
Name of the Vulnerable Software and Affected Versions: Oracle MySQL versions 5.1.67 and earlier; Oracle MySQL versions 5.5.29 and earlier; Oracle MySQL versions 5.6.10 and earlier. Description: The issue affects the availability of the system, allowing remote authenticated users to exploit it via...
UBUNTU-CVE-2013-1836
Moodle 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 does not properly manage privileges for WebDAV repositories, which allows remote authenticated users to read, modify, or delete arbitrary site-wide repositories by leveraging certain read access...
CVE-2013-1656
Spree Commerce 1.0.x through 1.3.2 allows remote authenticated administrators to instantiate arbitrary Ruby objects and execute arbitrary commands via the (1) payment_method parameter to core/app/controllers/spree/admin/payment_methods_controller.rb; and the (2) promotion_action parameter to...
Design/Logic Flaw
app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves...
VulnCheck KEV: CVE-2017-16959
The locale feature in cgi-bin/luci on TP-Link TL-WVR, TL-WAR, TL-ER, and TL-R devices allows remote authenticated users to test for the existence of arbitrary files by making an operation=write;locale=%0d request, and then making an operation=read request with a crafted Accept-Language HTTP...
CVE-2012-5767
The affected product is IBM TS3500 Tape Library with the web UI. The vulnerability (CVE-2012-5767) exists in firmware versions lower than C260 and could allow an authenticated remote user to gain higher privileges via unspecified vectors. IBM’s security bulletin specifies that applying firmware v...
Design/Logic Flaw
IBM Maximo Asset Management 7.5, Maximo Asset Management Essentials 7.5, and SmartCloud Control Desk 7.5 allow remote authenticated users to gain privileges and bypass intended restrictions on asset-lookup operations via unspecified vectors...
CVE-2012-5199
Unspecified vulnerability in HP ArcSight Connector Appliance 6.3 and earlier and ArcSight Logger 5.2 and earlier allows remote authenticated users to execute arbitrary code via unknown vectors...
CVE-2013-0701
SQL injection vulnerability in Cybozu Garoon 2.5.0 through 3.5.3 allows remote authenticated users to execute arbitrary SQL commands by leveraging a logging privilege...
CVE-2013-0208
CVE-2013-0208 affects OpenStack Compute (Nova) boot-from-volume when using nova-volume on Folsom/Essex. The root cause was insufficient validation of the user’s permission to boot an image, allowing an authenticated user to boot from volumes owned by other users via a volume_id in block_device_ma...
CVE-2013-0255
PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9.0.x before 9.0.12, 8.4.x before 8.4.16, and 8.3.x before 8.3.23 does not properly declare the enum_recv function in backend/utils/adt/enum.c, which causes it to be invoked with incorrect arguments and allows remote authenticated users to cause a...
CVE-2013-0255
CVE-2013-0255 affects PostgreSQL: enums handling in backend/utils/adt/enum.c could be invoked with incorrect arguments, allowing remote authenticated users to crash the server or read sensitive process memory via crafted SQL. Affected versions: PostgreSQL 9.2.x before 9.2.3, 9.1.x before 9.1.8, 9...
CVE-2012-5478
CVE-2012-5478 affects JBoss Enterprise Platform components (EAP/Web Platform BRMS/SOA) prior to versions listed; the AuthorizationInterceptor fails to properly restrict access, allowing remote authenticated users to bypass role checks and perform arbitrary JMX operations via unspecified vectors. ...
JBoss: allows empty password to authenticate against LDAP
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform EAP 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform EWP 5.2.0 allow remote attackers to bypass authentication via an empty password...
CVE-2012-3268
Certain HP Access Controller, Fabric Module, Firewall, Router, Switch, and UTM Appliance products; certain HP 3Com Access Controller, Router, and Switch products; certain HP H3C Access Controller, Firewall, Router, Switch, and Switch and Route Processing Unit products; and certain Huawei...
mysql: unspecified DoS vulnerability related to InnoDB (CPU Jan 2013)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to InnoDB...
mysql: unspecified DoS vulnerability related to Information Schema (CPU Jan 2013)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier, and 5.5.28 and earlier, allows remote authenticated users to affect availability via unknown vectors related to Information Schema...
mysql: unspecified DoS vulnerability related to Server Optimizer (CPU Jan 2013)
Unspecified vulnerability in the Server component in Oracle MySQL 5.1.66 and earlier and 5.5.28 and earlier allows remote authenticated users to affect availability via unknown vectors related to Server Optimizer...
CVE-2012-0205
CVE-2012-0205 affects IBM InfoSphere Information Server MWB (Metadata Workbench) versions 8.1–8.7. The root cause is unrestricted access to the troubleshooting feature, enabling remote authenticated users to bypass access restrictions or cause a workbench outage (deny service). Affected products ...