|
291221
|
- |
|
theforeman
redhat
|
foreman
openstack
|
The create method in app/controllers/users_controller.rb in Foreman before 1.2.0-RC2 allows remote authenticated users with permissions to create or edit other users to gain privileges by (1) changin…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2113
|
2024-11-21 10:51 |
2013-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291222
|
- |
|
apache
collabnet
canonical
opensuse
|
subversion
ubuntu_linux
opensuse
|
The svnserve server in Subversion before 1.6.23 and 1.7.x before 1.7.10 allows remote attackers to cause a denial of service (exit) by aborting a connection.
|
NVD-CWE-noinfo
|
CVE-2013-2112
|
2024-11-21 10:51 |
2013-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291223
|
- |
|
apache
collabnet
opensuse
|
subversion
opensuse
|
contrib/hook-scripts/svn-keyword-check.pl in Subversion before 1.6.23 allows remote authenticated users with commit permissions to execute arbitrary commands via shell metacharacters in a filename.
|
CWE-20
Improper Input Validation
|
CVE-2013-2088
|
2024-11-21 10:51 |
2013-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291224
|
- |
|
hp
|
sitescope
|
Multiple unspecified vulnerabilities in HP SiteScope 11.20 and 11.21, when SOAP is used, allow remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1678.
|
NVD-CWE-noinfo
|
CVE-2013-2367
|
2024-11-21 10:51 |
2013-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291225
|
- |
|
monkey-project
|
monkey
|
Cross-site scripting (XSS) vulnerability in the Directory Listing plugin in Monkey HTTP Daemon (monkeyd) 1.2.2 allows attackers to inject arbitrary web script or HTML via a file name.
|
CWE-79
Cross-site Scripting
|
CVE-2013-2181
|
2024-11-21 10:51 |
2013-07-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291226
|
- |
|
moodle
|
moodle
|
mod/feedback/lib.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/feedback:view capability before displaying…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2246
|
2024-11-21 10:51 |
2013-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291227
|
- |
|
moodle
|
moodle
|
rss/file.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not properly implement the use of RSS tokens for impersonation, which a…
|
CWE-287
Improper Authentication
|
CVE-2013-2245
|
2024-11-21 10:51 |
2013-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291228
|
- |
|
moodle
|
moodle
|
Multiple cross-site scripting (XSS) vulnerabilities in lib/conditionlib.php in Moodle 2.4.x before 2.4.5 and 2.5.x before 2.5.1 allow remote attackers to inject arbitrary web script or HTML via the c…
|
CWE-79
Cross-site Scripting
|
CVE-2013-2244
|
2024-11-21 10:51 |
2013-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291229
|
- |
|
moodle
|
moodle
|
mod/lesson/pagetypes/matching.php in Moodle through 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 allows remote authenticated users to obtain sensitive answer information by …
|
CWE-200
Information Exposure
|
CVE-2013-2243
|
2024-11-21 10:51 |
2013-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291230
|
- |
|
moodle
|
moodle
|
mod/chat/gui_sockets/index.php in Moodle through 2.1.10, 2.2.x before 2.2.11, 2.3.x before 2.3.8, 2.4.x before 2.4.5, and 2.5.x before 2.5.1 does not consider the mod/chat:chat capability before auth…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2242
|
2024-11-21 10:51 |
2013-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
