|
291051
|
6.1 |
MEDIUM
Network
|
mantisbt
fedoraproject
|
mantisbt
fedora
|
A cross-site scripting (XSS) vulnerability in MantisBT 1.2.14 allows remote attackers to inject arbitrary web script or HTML via a version, related to deleting a version.
|
CWE-79
Cross-site Scripting
|
CVE-2013-1931
|
2024-11-21 10:50 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291052
|
4.3 |
MEDIUM
Network
|
mantisbt
fedoraproject
|
mantisbt
fedora
|
MantisBT 1.2.12 before 1.2.15 allows authenticated users to by the workflow restriction and close issues.
|
CWE-20
Improper Input Validation
|
CVE-2013-1930
|
2024-11-21 10:50 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291053
|
9.8 |
CRITICAL
Network
|
baseurl
debian
|
yum
debian_linux
|
yum does not properly handle bad metadata, which allows an attacker to cause a denial of service and possibly have other unspecified impact via a Trojan horse file in the metadata of a remote reposit…
|
CWE-20
Improper Input Validation
|
CVE-2013-1910
|
2024-11-21 10:50 |
2019-11-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291054
|
7.5 |
HIGH
Network
|
redhat
|
cloudforms_management_engine
|
Red Hat CloudForms 2 Management Engine (CFME) allows remote attackers to conduct session tampering attacks by leveraging use of a static secret_token.rb secret.
|
CWE-384
Session Fixation
|
CVE-2013-2049
|
2024-11-21 10:50 |
2018-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291055
|
- |
|
opensuse
jython_project
|
opensuse
jython
|
Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2027
|
2024-11-21 10:50 |
2015-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291056
|
- |
|
quixplorer
|
quixplorer
|
Directory traversal vulnerability in the zip download functionality in QuiXplorer before 2.5.5 allows remote attackers to read arbitrary files via a .. (dot dot) in the selitems[] parameter in a down…
|
CWE-22
Path Traversal
|
CVE-2013-1641
|
2024-11-21 10:50 |
2014-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291057
|
- |
|
call-cc
|
chicken
|
Untrusted search path vulnerability in csi in Chicken before 4.8.2 allows local users to execute arbitrary code via a Trojan horse .csirc in the current working directory.
|
NVD-CWE-Other
|
CVE-2013-1874
|
2024-11-21 10:50 |
2014-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291058
|
- |
|
seamons
|
net-server
|
Net-Server, when the reverse-lookups option is enabled, does not check if the hostname resolves to the source IP address, which might allow remote attackers to bypass ACL restrictions via the hostnam…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1841
|
2024-11-21 10:50 |
2014-06-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291059
|
- |
|
autocomplete_widgets_project
|
autocomplete_widgets
|
The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1973
|
2024-11-21 10:50 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291060
|
- |
|
mark_evans
|
dragonfly_gem
|
The Dragonfly gem 0.7 before 0.8.6 and 0.9.x before 0.9.13 for Ruby, when used with Ruby on Rails, allows remote attackers to execute arbitrary code via a crafted request.
|
CWE-94
Code Injection
|
CVE-2013-1756
|
2024-11-21 10:50 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
