Search

Search Results (363701 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2013-0171 1 Theforeman 1 Foreman 2025-04-12 N/A
Foreman before 1.1 allows remote attackers to execute arbitrary code via a crafted YAML object to the (1) fact or (2) report import API.
CVE-2013-0173 1 Theforeman 1 Foreman 2025-04-12 N/A
Foreman before 1.1 uses a salt of "foreman" to hash root passwords, which makes it easier for attackers to guess the password via a brute force attack.
CVE-2013-0174 1 Theforeman 1 Foreman 2025-04-12 N/A
The external node classifier (ENC) API in Foreman before 1.1 allows remote attackers to obtain the hashed root password via an API request.
CVE-2013-0187 1 Theforeman 1 Foreman 2025-04-12 N/A
Foreman before 1.1 allows remote authenticated users to gain privileges via a (1) XMLHttpRequest or (2) AJAX request.
CVE-2013-0191 1 Lucas Clemente Vella 1 Libpam-pgsql 2025-04-12 N/A
libpam-pgsql (aka pam_pgsql) 0.7 does not properly handle a NULL value returned by the password search query, which allows remote attackers to bypass authentication via a crafted password.
CVE-2013-0197 1 Mantisbt 1 Mantisbt 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in the filter_draw_selection_area2 function in core/filter_api.php in MantisBT 1.2.12 before 1.2.13 allows remote attackers to inject arbitrary web script or HTML via the match_type parameter to bugs/search.php.
CVE-2013-0199 1 Redhat 1 Freeipa 2025-04-12 N/A
The default LDAP ACIs in FreeIPA 3.0 before 3.1.2 do not restrict access to the (1) ipaNTTrustAuthIncoming and (2) ipaNTTrustAuthOutgoing attributes, which allow remote attackers to obtain the Cross-Realm Kerberos Trust key via unspecified vectors.
CVE-2013-0201 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.5, 4.0.10, and earlier allow remote attackers to inject arbitrary web script or HTML via the (1) QUERY_STRING to core/lostpassword/templates/resetpassword.php, (2) mime parameter to apps/files/ajax/mimeicon.php, or (3) token parameter to apps/gallery/sharing.php.
CVE-2013-0204 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
settings/personal.php in ownCloud 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via crafted mount point settings.
CVE-2013-0210 1 Theforeman 1 Foreman 2025-04-12 N/A
The smart proxy Puppet run API in Foreman before 1.2.0 allows remote attackers to execute arbitrary commands via vectors related to escaping and Puppet commands.
CVE-2013-0250 1 Corosync 1 Corosync 2025-04-12 N/A
The init_nss_hash function in exec/totemcrypto.c in Corosync 2.0 before 2.3 does not properly initialize the HMAC key, which allows remote attackers to cause a denial of service (crash) via a crafted packet.
CVE-2013-0289 1 Isync Project 1 Isync 2025-04-12 N/A
Isync 0.4 before 1.0.6, does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate.
CVE-2013-0297 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote authenticated administrators to inject arbitrary web script or HTML via the (1) site_name or (2) site_url parameter to apps/external/ajax/setsites.php.
CVE-2013-0298 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to inject arbitrary web script or HTML via (1) a crafted iCalendar file to the calendar application, the (2) dir or (3) file parameter to apps/files_pdfviewer/viewer.php, or the (4) mountpoint parameter to /apps/files_external/addMountPoint.php.
CVE-2013-0299 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the timezone for the user via the lat and lng parameters to apps/calendar/ajax/settings/guesstimezone.php, (2) disable or enable the automatic timezone detection via the timezonedetection parameter to apps/calendar/ajax/settings/timezonedetection.php, (3) import user accounts via the admin_export parameter to apps/admin_migrate/settings.php, (4) overwrite user files via the operation parameter to apps/user_migrate/ajax/export.php, or (5) change the authentication server URL via unspecified vectors to apps/user_ldap/settings.php.
CVE-2013-0300 1 Owncloud 1 Owncloud Server 2025-04-12 N/A
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud 4.5.x before 4.5.7 allow remote attackers to hijack the authentication of users for requests that (1) change the default view via the v parameter to apps/calendar/ajax/changeview.php, mount arbitrary (2) Google Drive or (3) Dropbox folders via vectors related to addRootCertificate.php, dropbox.php and google.php in apps/files_external/ajax/, or (4) change the authentication server URL via unspecified vectors to apps/user_webdavauth/settings.php.
CVE-2013-0301 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Cross-site request forgery (CSRF) vulnerability in apps/calendar/ajax/settings/settimezone in ownCloud before 4.0.12 allows remote attackers to hijack the authentication of users for requests that change the timezone via the timezone parameter.
CVE-2013-0302 2 Amazon, Owncloud 3 Sdk Tester, Owncloud, Owncloud Server 2025-04-12 N/A
Unspecified vulnerability in ownCloud Server before 4.0.12 allows remote attackers to obtain sensitive information via unspecified vectors related to "inclusion of the Amazon SDK testing suite." NOTE: due to lack of details, it is not clear whether the issue exists in ownCloud itself, or in Amazon SDK.
CVE-2013-0304 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
ownCloud Server before 4.5.7 does not properly check ownership of calendars, which allows remote authenticated users to read arbitrary calendars via the calid parameter to /apps/calendar/export.php. NOTE: this issue has been reported as a cross-site request forgery (CSRF) vulnerability, but due to lack of details, it is uncertain what the root cause is.
CVE-2013-0307 1 Owncloud 2 Owncloud, Owncloud Server 2025-04-12 N/A
Cross-site scripting (XSS) vulnerability in settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.7 allows remote administrators to inject arbitrary web script or HTML via the group input field parameter.