|
292141
|
- |
|
mediawiki
|
mediawiki
|
maintenance/mwdoc-filter.php in MediaWiki before 1.20.3 allows remote attackers to read arbitrary files via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2013-1818
|
2024-11-21 10:50 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292142
|
- |
|
mantisbt
|
mantisbt
|
Mantis Bug Tracker (aka MantisBT) 1.2.12 before 1.2.15 allows remote attackers to cause a denial of service (resource consumption) via a filter using a criteria, text search, and the "any condition" …
|
CWE-20
Improper Input Validation
|
CVE-2013-1883
|
2024-11-21 10:50 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292143
|
- |
|
opalvoip
ekiga
suse
|
portable_tool_library
ekiga
suse_linux_enterprise_software_development_kit
suse_linux_enterprise_desktop
|
The Portable Tool Library (aka PTLib) before 2.10.10, as used in Ekiga before 4.0.1, does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of ser…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-1864
|
2024-11-21 10:50 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292144
|
- |
|
coscms
|
coscms
|
The uploadFile function in upload/index.php in CosCMS before 1.822 allows remote administrators to execute arbitrary commands via shell metacharacters in the name of an uploaded file.
|
CWE-78
OS Command
|
CVE-2013-1668
|
2024-11-21 10:50 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292145
|
- |
|
mantisbt
|
mantisbt
|
Multiple cross-site scripting (XSS) vulnerabilities in core/summary_api.php in MantisBT 1.2.12 allow remote authenticated users with manager or administrator permissions to inject arbitrary web scrip…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1810
|
2024-11-21 10:50 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292146
|
- |
|
cloudbees
|
jenkins
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to…
|
CWE-352
Origin Validation Error
|
CVE-2013-2034
|
2024-11-21 10:50 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292147
|
- |
|
smart-flv_plugin_project
|
smart-flv
|
Multiple cross-site scripting (XSS) vulnerabilities in jwplayer.swf in the smart-flv plugin for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) link or (2) playerr…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1765
|
2024-11-21 10:50 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292148
|
- |
|
php-fusion
|
php-fusion
|
Multiple SQL injection vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to execute arbitrary SQL commands via the (1) orderby parameter to downloads.php; or remote authenticated us…
|
CWE-89
SQL Injection
|
CVE-2013-1803
|
2024-11-21 10:50 |
2014-05-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292149
|
- |
|
transifex
|
transifex
|
Transifex command-line client before 0.9 does not validate X.509 certificates, which allows man-in-the-middle attackers to spoof a Transifex server via an arbitrary certificate.
|
CWE-20
Improper Input Validation
|
CVE-2013-2073
|
2024-11-21 10:50 |
2014-05-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292150
|
- |
|
php-fusion
|
php-fusion
|
PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information v…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1807
|
2024-11-21 10:50 |
2014-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
