|
291731
|
- |
|
jahia
|
jahia_xcm
|
Jahia xCM before 6.6.2 does not include the HTTPOnly flag in a Set-Cookie header for the JSESSIONID cookie, which makes it easier for remote attackers to obtain potentially sensitive information via …
|
CWE-200
Information Exposure
|
CVE-2013-4617
|
2024-11-21 10:55 |
2013-11-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291732
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in mod/quiz/report/responses/responses_table.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authe…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4525
|
2024-11-21 10:55 |
2013-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291733
|
- |
|
moodle
|
moodle
|
Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read …
|
CWE-22
Path Traversal
|
CVE-2013-4524
|
2024-11-21 10:55 |
2013-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291734
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbit…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4523
|
2024-11-21 10:55 |
2013-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291735
|
- |
|
moodle
|
moodle
|
lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain …
|
CWE-200
Information Exposure
|
CVE-2013-4522
|
2024-11-21 10:55 |
2013-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291736
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject ar…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4573
|
2024-11-21 10:55 |
2013-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291737
|
- |
|
ibus_project
opensuse
|
ibus
opensuse
|
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allo…
|
CWE-255
Credentials Management
|
CVE-2013-4509
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291738
|
- |
|
ruby-lang
|
ruby
|
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial o…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4164
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291739
|
- |
|
f5
opensuse
suse
|
nginx
opensuse
studio_onsite
webyast
lifecycle_management_server
|
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2013-4547
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291740
|
- |
|
robert_ancell
canonical
|
lightdm
ubuntu_linux
|
LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4459
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
