|
291721
|
- |
|
redhat
theforeman
|
network_satellite
katello
|
The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by se…
|
CWE-20
Improper Input Validation
|
CVE-2013-2143
|
2024-11-21 10:51 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291722
|
- |
|
roberta_bramski
|
uploader
|
Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or …
|
CWE-79
Cross-site Scripting
|
CVE-2013-2287
|
2024-11-21 10:51 |
2014-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291723
|
- |
|
jgaa
|
warftpd
|
Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unk…
|
NVD-CWE-noinfo
|
CVE-2013-2278
|
2024-11-21 10:51 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291724
|
- |
|
getsymphony
|
symphony
|
SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged us…
|
CWE-89
SQL Injection
|
CVE-2013-2559
|
2024-11-21 10:51 |
2014-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291725
|
- |
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in js/viewer.js in ownCloud before 4.5.12 and 5.x before 5.0.7 allow remote attackers to inject arbitrary web script or HTML via vectors related to…
|
CWE-79
Cross-site Scripting
|
CVE-2013-2150
|
2024-11-21 10:51 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291726
|
- |
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.16 and 5.x before 5.0.7 allow remote authenticated users to inject arbitrary web script or HTML via vectors related to share…
|
CWE-79
Cross-site Scripting
|
CVE-2013-2149
|
2024-11-21 10:51 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291727
|
- |
|
owncloud
|
owncloud
|
Incomplete blacklist vulnerability in ownCloud before 5.0.6 allows remote authenticated users to execute arbitrary PHP code by uploading a crafted file, then accessing it via a direct request to the …
|
NVD-CWE-Other
|
CVE-2013-2089
|
2024-11-21 10:51 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291728
|
- |
|
owncloud
|
owncloud
|
The configuration loader in ownCloud 5.0.x before 5.0.6 allows remote attackers to obtain CSRF tokens and other sensitive information by reading an unspecified JavaScript file.
|
CWE-200
Information Exposure
|
CVE-2013-2086
|
2024-11-21 10:51 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291729
|
- |
|
owncloud
|
owncloud
|
Directory traversal vulnerability in apps/files_trashbin/index.php in ownCloud Server before 5.0.6 allows remote authenticated users to access arbitrary files via a .. (dot dot) in the dir parameter.
|
CWE-22
Path Traversal
|
CVE-2013-2085
|
2024-11-21 10:51 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291730
|
- |
|
brother
|
mfc-9970cdw_firmware
mfc-9970cdw
|
Multiple cross-site scripting (XSS) vulnerabilities in the Brother MFC-9970CDW printer with firmware G (1.03) allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to…
|
CWE-79
Cross-site Scripting
|
CVE-2013-2507
|
2024-11-21 10:51 |
2014-03-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
