|
290731
|
- |
|
katello
|
katello_installer
|
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by readi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4455
|
2024-11-21 10:55 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290732
|
- |
|
madeofcode
|
omniauth-facebook
|
The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter.
|
CWE-352
Origin Validation Error
|
CVE-2013-4562
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290733
|
- |
|
drupalauth_project
|
drupalauth
|
lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name (uid) in a cookie.
|
CWE-287
Improper Authentication
|
CVE-2013-4552
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290734
|
- |
|
gitlab
|
gitlab
gitlab-shell
|
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
|
NVD-CWE-Other
|
CVE-2013-4546
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290735
|
- |
|
monster_menus_module_project
|
monster_menus
|
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4504
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290736
|
- |
|
feed_element_mapper_project
|
feed_element_mapper
|
Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4503
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290737
|
- |
|
nathan_haug
|
filefield_sources
|
The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4502
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290738
|
- |
|
quiz_module_project
|
quiz
|
The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote attackers to obtain sensitive quiz results via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4501
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290739
|
- |
|
quiz_module_project
|
quiz
|
The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the dele…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4500
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290740
|
- |
|
gitlab
|
gitlab
gitlab-shell
|
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands …
|
NVD-CWE-Other
|
CVE-2013-4490
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
