Vulnerabilities > Configuration

DATE CVE VULNERABILITY TITLE RISK
2013-10-24 CVE-2013-5167 Configuration vulnerability in Apple Mac OS X
CFNetwork in Apple Mac OS X before 10.9 does not properly support Safari's deletion of session cookies in response to a reset operation, which makes it easier for remote web servers to track users via Set-Cookie HTTP headers.
network
low complexity
apple CWE-16
5.0
2013-10-10 CVE-2013-4221 Configuration vulnerability in Restlet
The default configuration of the ObjectRepresentation class in Restlet before 2.1.4 deserializes objects from untrusted sources using the Java XMLDecoder, which allows remote attackers to execute arbitrary Java code via crafted XML.
network
low complexity
restlet CWE-16
7.5
2013-08-16 CVE-2013-4128 Configuration vulnerability in Red Hat JBoss Enterprise Application Platform 6.1.0
Red Hat JBoss Enterprise Application Platform (EAP) 6.1.0 does not properly cache EJB invocations by remote-naming, which allows remote attackers to hijack sessions by using a remoting client.
network
low complexity
redhat CWE-16
6.4
2013-07-08 CVE-2013-2205 Configuration vulnerability in WordPress
The default configuration of SWFUpload in WordPress before 3.5.2 has an unrestrictive security.allowDomain setting, which allows remote attackers to bypass the Same Origin Policy and conduct cross-site scripting (XSS) attacks via a crafted web site.
network
wordpress CWE-16
4.3
2013-05-09 CVE-2013-1222 Configuration vulnerability in Cisco Unified Customer Voice Portal
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to launch arbitrary custom web applications via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38379.
network
low complexity
cisco CWE-16
7.8
2013-05-09 CVE-2013-1221 Configuration vulnerability in Cisco Unified Customer Voice Portal
The Tomcat Web Management feature in Cisco Unified Customer Voice Portal (CVP) Software before 9.0.1 ES 11 does not properly configure Tomcat components, which allows remote attackers to execute arbitrary code via a crafted (1) HTTP or (2) HTTPS request, aka Bug ID CSCub38384.
network
low complexity
cisco CWE-16
critical
10.0
2013-04-13 CVE-2013-3051 Configuration vulnerability in multiple products
The TrustZone kernel, when used in conjunction with a certain Motorola build of Android 4.1.2, on Motorola Razr HD, Razr M, and Atrix HD devices with the Qualcomm MSM8960 chipset does not verify the association between a certain physical-address argument and a memory region, which allows local users to unlock the bootloader by using kernel mode to perform crafted 0x9 and 0x2 SMC operations, a different vulnerability than CVE-2013-2596.
local
high complexity
qualcomm motorola CWE-16
6.2
2013-04-05 CVE-2013-0683 Configuration vulnerability in Cogent DataHub products
The DataSim and DataPid demonstration clients in Cogent Real-Time Systems Cogent DataHub before 7.3.0, OPC DataHub before 6.4.22, Cascade DataHub before 6.4.22 on Windows, and DataHub QuickTrend before 7.3.0 allow remote servers to cause a denial of service (incorrect pointer access and client crash) via malformed data in a formatted text command.
7.1
2013-04-05 CVE-2013-0470 Configuration vulnerability in IBM Netezza Performance Portal 1.0.2
HTTPD in IBM Netezza Performance Portal 1.0.2 allows remote authenticated users to list application directories containing asset files via a direct request to a directory URI, as demonstrated by listing image files.
network
low complexity
ibm CWE-16
4.0
2013-04-03 CVE-2012-4546 Configuration vulnerability in Red Hat Enterprise Linux 6.0
The default configuration for IPA servers in Red Hat Enterprise Linux 6, when revoking a certificate from an Identity Management replica, does not properly update another Identity Management replica, which causes inconsistent Certificate Revocation Lists (CRLs) to be used and might allow remote attackers to bypass intended access restrictions via a revoked certificate.
network
redhat CWE-16
4.3