|
290441
|
- |
|
rodrigo_polo
|
stream_video_player
|
Cross-site request forgery (CSRF) vulnerability in the Stream Video Player plugin 1.4.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change p…
|
CWE-352
Origin Validation Error
|
CVE-2013-2706
|
2024-11-21 10:52 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290442
|
- |
|
underconstruction_project
|
underconstruction
|
Cross-site request forgery (CSRF) vulnerability in the underConstruction plugin before 1.09 for WordPress allows remote attackers to hijack the authentication of administrators for requests that deac…
|
CWE-352
Origin Validation Error
|
CVE-2013-2699
|
2024-11-21 10:52 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290443
|
- |
|
wp-plugins
|
wp-print
|
Cross-site request forgery (CSRF) vulnerability in the Options in the WP-Print plugin before 2.52 for WordPress allows remote attackers to hijack the authentication of administrators for requests tha…
|
CWE-352
Origin Validation Error
|
CVE-2013-2693
|
2024-11-21 10:52 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290444
|
- |
|
b2evolution
|
b2evolution
|
SQL injection vulnerability in blogs/admin.php in b2evolution before 4.1.7 allows remote authenticated administrators to execute arbitrary SQL commands via the show_statuses[] parameter. NOTE: this …
|
CWE-89
SQL Injection
|
CVE-2013-2945
|
2024-11-21 10:52 |
2014-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290445
|
- |
|
wpsymposiumpro
|
wp_symposium
|
Cross-site scripting (XSS) vulnerability in invite.php in the WP Symposium plugin before 13.04 for WordPress allows remote attackers to inject arbitrary web script or HTML via the u parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2013-2695
|
2024-11-21 10:52 |
2014-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290446
|
- |
|
wpsymposiumpro
|
wp_symposium
|
Open redirect vulnerability in invite.php in the WP Symposium plugin 13.04 for WordPress allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the…
|
CWE-20
Improper Input Validation
|
CVE-2013-2694
|
2024-11-21 10:52 |
2014-03-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290447
|
- |
|
sophos
|
web_appliance_firmware
web_appliance
|
Multiple cross-site scripting (XSS) vulnerabilities in Sophos Web Appliance before 3.7.8.2 allow remote attackers to inject arbitrary web script or HTML via the (1) xss parameter in an allow action t…
|
CWE-79
Cross-site Scripting
|
CVE-2013-2643
|
2024-11-21 10:52 |
2014-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290448
|
- |
|
sophos
|
web_appliance_firmware
web_appliance
|
Sophos Web Appliance before 3.7.8.2 allows (1) remote attackers to execute arbitrary commands via shell metacharacters in the client-ip parameter to the Block page, when using the user_workstation va…
|
CWE-78
OS Command
|
CVE-2013-2642
|
2024-11-21 10:52 |
2014-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290449
|
- |
|
sophos
|
web_appliance_firmware
web_appliance
|
Directory traversal vulnerability in patience.cgi in Sophos Web Appliance before 3.7.8.2 allows remote attackers to read arbitrary files via the id parameter.
|
CWE-22
Path Traversal
|
CVE-2013-2641
|
2024-11-21 10:52 |
2014-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290450
|
- |
|
aspen
|
aspen
|
Directory traversal vulnerability in Aspen before 0.22 allows remote attackers to read arbitrary files via a .. (dot dot) to the default URI.
|
CWE-22
Path Traversal
|
CVE-2013-2619
|
2024-11-21 10:52 |
2014-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
