CVE-2013-3565
https://notcve.org/view.php?id=CVE-2013-3565
Multiple cross-site scripting (XSS) vulnerabilities in the HTTP Interface in VideoLAN VLC Media Player before 2.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) command parameter to requests/vlm_cmd.xml, (2) dir parameter to requests/browse.xml, or (3) URI in a request, which is returned in an error message through share/lua/intf/http.lua. Múltiples vulnerabilidades de tipo cross-site scripting (XSS) en la interfaz HTTP en VideoLAN VLC Media Player versiones anteriores a 2.0.7, permiten a atacantes remotos inyectar script web o HTML arbitrario por medio del (1) parámetro command en el archivo request/vlm_cmd.xml, (2) parámetro dir en el archivo request/browse.xml, o (3) URI en una petición, que es devuelta en un mensaje de error por medio del archivo share/lua/intf/http.lua. • http://git.videolan.org/gitweb.cgi/vlc.git/?p=vlc.git%3Ba=commitdiff%3Bh=bf02b8dd211d5a52aa301a9a2ff4e73ed8195881 http://lists.opensuse.org/opensuse-updates/2014-03/msg00001.html http://www.videolan.org/developers/vlc-branch/NEWS https://www3.trustwave.com/spiderlabs/advisories/TWSL2013-007.txt • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2014-3495
https://notcve.org/view.php?id=CVE-2014-3495
duplicity 0.6.24 has improper verification of SSL certificates duplicity versión 0.6.24, presenta una comprobación inapropiada de los certificados SSL. • https://access.redhat.com/security/cve/cve-2014-3495 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-3495 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-3495 https://security-tracker.debian.org/tracker/CVE-2014-3495 • CWE-295: Improper Certificate Validation •
CVE-2014-2387
https://notcve.org/view.php?id=CVE-2014-2387
Pen 0.18.0 has Insecure Temporary File Creation vulnerabilities Pen versión 0.18.0, presenta vulnerabilidades no seguras en la creación de archivos temporales. • http://www.openwall.com/lists/oss-security/2014/03/13/5 http://www.openwall.com/lists/oss-security/2014/03/14/2 http://www.securityfocus.com/bid/66214 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2014-2387 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2014-2387 https://exchange.xforce.ibmcloud.com/vulnerabilities/91992 https://security-tracker.debian.org/tracker/CVE-2014-2387 • CWE-668: Exposure of Resource to Wrong Sphere •
CVE-2013-7370
https://notcve.org/view.php?id=CVE-2013-7370
node-connect before 2.8.1 has XSS in the Sencha Labs Connect middleware node-connect versiones anteriores a 2.8.1, presenta una vulnerabilidad de tipo XSS en el middleware Sencha Labs Connect. • http://www.openwall.com/lists/oss-security/2014/04/21/2 http://www.openwall.com/lists/oss-security/2014/05/13/1 https://access.redhat.com/security/cve/cve-2013-7370 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2013-7370 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2013-7370 https://nodesecurity.io/advisories/methodOverride_Middleware_Reflected_Cross-Site_Scripting https://security-tracker.debian.org/tracker/CVE-2013-7370 • CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') •
CVE-2012-6655
https://notcve.org/view.php?id=CVE-2012-6655
An issue exists AccountService 0.6.37 in the user_change_password_authorized_cb() function in user.c which could let a local users obtain encrypted passwords. Existe un problema en AccountService versión 0.6.37, en la función user_change_password_authorized_cb() en el archivo user.c, lo que podría permitir a usuarios locales obtener contraseñas cifradas. • http://www.openwall.com/lists/oss-security/2014/08/16/7 http://www.securityfocus.com/bid/69245 https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2012-6655 https://bugzilla.suse.com/show_bug.cgi?id=CVE-2012-6655 https://exchange.xforce.ibmcloud.com/vulnerabilities/95325 https://security-tracker.debian.org/tracker/CVE-2012-6655 • CWE-732: Incorrect Permission Assignment for Critical Resource •