CVE List
Id | CVE No. | Status | Description | Phase | Votes | Comments | Actions |
---|---|---|---|---|---|---|---|
62197 | CVE-2013-2250 | Candidate | Apache Open For Business Project (aka OFBiz) 10.04.01 through 10.04.05, 11.04.01 through 11.04.02, and 12.04.01 allows remote attackers to execute arbitrary Unified Expression Language (UEL) functions via JUEL metacharacters in unspecified parameters, related to nested expressions. | Assigned (20130219) | None (candidate not yet proposed) | View | |
62453 | CVE-2013-2506 | Candidate | app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves. | Assigned (20130308) | None (candidate not yet proposed) | View | |
62709 | CVE-2013-2762 | Candidate | The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data. | Assigned (20130404) | None (candidate not yet proposed) | View | |
62965 | CVE-2013-3018 | Candidate | ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. | Assigned (20130412) | None (candidate not yet proposed) | View | |
63221 | CVE-2013-3274 | Candidate | EMC Avamar Server and Avamar Virtual Edition before 7.0 on Data Store Gen3, Gen4, and Gen4s platforms do not properly determine authorization for calls to Java RMI methods, which allows remote authenticated users to execute arbitrary code via unspecified vectors. | Assigned (20130426) | None (candidate not yet proposed) | View |
Page 20146 of 20943, showing 5 records out of 104715 total, starting on record 100726, ending on 100730