|
290041
|
- |
|
fatfreecrm
|
fat_free_crm
|
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by …
|
CWE-310
Cryptographic Issues
|
CVE-2013-7222
|
2024-11-21 11:00 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290042
|
- |
|
synology
|
diskstation_manager
|
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary f…
|
CWE-22
Path Traversal
|
CVE-2013-6987
|
2024-11-21 11:00 |
2014-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290043
|
- |
|
zenphoto
|
zenphoto
|
SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix p…
|
CWE-89
SQL Injection
|
CVE-2013-7242
|
2024-11-21 11:00 |
2014-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290044
|
- |
|
zenphoto
|
zenphoto
|
Cross-site scripting (XSS) vulnerability in the export function in zp-core/zp-extensions/mergedRSS.php in Zenphoto before 1.4.5.4 allows remote attackers to inject arbitrary web script or HTML via th…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7241
|
2024-11-21 11:00 |
2014-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290045
|
- |
|
cisco
|
unified_presence_server
|
SQL injection vulnerability in the web interface in Cisco Unified Presence Server allows remote authenticated users to execute arbitrary SQL commands via a crafted URL, aka Bug ID CSCuh35615.
|
CWE-89
SQL Injection
|
CVE-2013-6983
|
2024-11-21 11:00 |
2014-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290046
|
- |
|
jforum
|
jforum
|
Cross-site request forgery (CSRF) vulnerability in admBase/login.page in the Admin module in JForum allows remote attackers to hijack the authentication of administrators for requests that change the…
|
CWE-352
Origin Validation Error
|
CVE-2013-7209
|
2024-11-21 11:00 |
2013-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290047
|
- |
|
wordpress
|
wordpress
|
Cross-site request forgery (CSRF) vulnerability in the retrospam component in wp-admin/options-discussion.php in WordPress 2.0.11 and earlier allows remote attackers to hijack the authentication of a…
|
CWE-352
Origin Validation Error
|
CVE-2013-7233
|
2024-11-21 11:00 |
2013-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290048
|
- |
|
esri
|
arcgis_server
|
SQL injection vulnerability in ESRI ArcGIS for Server through 10.2 allows remote attackers to execute arbitrary SQL commands via unspecified input to the map or feature service.
|
CWE-89
SQL Injection
|
CVE-2013-7232
|
2024-11-21 11:00 |
2013-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290049
|
- |
|
esri
|
arcgis_server
|
Cross-site scripting (XSS) vulnerability in the Mobile Content Server in ESRI ArcGIS for Server 10.1 and 10.2 allows remote authenticated users to inject arbitrary web script or HTML via unspecified …
|
CWE-79
Cross-site Scripting
|
CVE-2013-7231
|
2024-11-21 11:00 |
2013-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290050
|
- |
|
openx
revive-adserver
|
openx
revive_adserver
|
SQL injection vulnerability in www/delivery/axmlrpc.php (aka the XML-RPC delivery invocation script) in Revive Adserver before 3.0.2, and OpenX Source 2.8.11 and earlier, allows remote attackers to e…
|
CWE-89
SQL Injection
|
CVE-2013-7149
|
2024-11-21 11:00 |
2013-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
