|
289961
|
- |
|
apache
|
tomcat
|
Unrestricted file upload vulnerability in Apache Tomcat 7.x before 7.0.40, in certain situations involving outdated java.io.File code and a custom JMX configuration, allows remote attackers to execut…
|
CWE-94
Code Injection
|
CVE-2013-4444
|
2024-11-21 10:55 |
2014-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289962
|
- |
|
apache
|
subversion
|
svnwcsub.py in Subversion 1.8.0 before 1.8.3, when using the --pidfile option and running in foreground mode, allows local users to gain privileges via a symlink attack on the pid file. NOTE: this i…
|
CWE-59
Link Following
|
CVE-2013-4262
|
2024-11-21 10:55 |
2014-07-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289963
|
- |
|
apache
|
http_server
|
The cache_invalidate function in modules/cache/cache_storage.c in the mod_cache module in the Apache HTTP Server 2.4.6, when a caching forward proxy is enabled, allows remote HTTP servers to cause a …
|
NVD-CWE-Other
|
CVE-2013-4352
|
2024-11-21 10:55 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289964
|
- |
|
entity_api_project
|
entity_api
|
The Entity API module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to node comments, which allows remote authenticated users to read the comments via unspecified vectors. NOTE:…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4273
|
2024-11-21 10:55 |
2014-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289965
|
- |
|
misery_project
|
misery
|
The Misery module 6.x-2.x before 6.x-2.5 and 7.x-2.x before 7.x-2.2 for Drupal, when the "delay misery" configuration is set to a high value, allows remote attackers to cause a denial of service (pro…
|
CWE-399
Resource Management Errors
|
CVE-2013-4599
|
2024-11-21 10:55 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289966
|
- |
|
rik_de_boer
|
revisioning
|
The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated user…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4597
|
2024-11-21 10:55 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289967
|
- |
|
gordon_heydon
|
secure_pages
|
The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive info…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4595
|
2024-11-21 10:55 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289968
|
- |
|
danielkorte
|
nodeaccesskeys
|
The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4596
|
2024-11-21 10:55 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289969
|
- |
|
google_authenticator_login_project
|
ga_login
|
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password …
|
CWE-287
Improper Authentication
|
CVE-2013-4178
|
2024-11-21 10:55 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289970
|
- |
|
google_authenticator_login_project
|
ga_login
|
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4177
|
2024-11-21 10:55 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
