|
293651
|
- |
|
raoul_proenca
|
gnew
|
Multiple SQL injection vulnerabilities in Gnew 2013.1 allow remote attackers to execute arbitrary SQL commands via the (1) news_id parameter to news/send.php, (2) thread_id parameter to posts/edit.ph…
|
CWE-89
SQL Injection
|
CVE-2013-7349
|
2024-11-21 11:00 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293652
|
- |
|
redhat
|
conga
enterprise_linux
|
Luci in Red Hat Conga does not properly enforce the user session timeout, which might allow attackers to gain access to the session by reading the __ac session cookie. NOTE: this issue has been SPLI…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7347
|
2024-11-21 11:00 |
2014-03-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293653
|
- |
|
getsymphony
|
symphony
|
Cross-site request forgery (CSRF) vulnerability in Symphony CMS before 2.3.2 allows remote attackers to hijack the authentication of administrators for requests that conduct SQL injection attacks via…
|
CWE-352
Origin Validation Error
|
CVE-2013-7346
|
2024-11-21 11:00 |
2014-03-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293654
|
- |
|
linux
|
linux_kernel
|
The rds_ib_laddr_check function in net/rds/ib.c in the Linux kernel before 3.12.8 allows local users to cause a denial of service (NULL pointer dereference and system crash) or possibly have unspecif…
|
CWE-476
NULL Pointer Dereference
|
CVE-2013-7339
|
2024-11-21 11:00 |
2014-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293655
|
- |
|
christos_zoulas
php
debian
|
file
php
debian_linux
|
The BEGIN regular expression in the awk script detector in magic/Magdir/commands in file before 5.15 uses multiple wildcards with unlimited repetitions, which allows context-dependent attackers to ca…
|
NVD-CWE-noinfo
|
CVE-2013-7345
|
2024-11-21 11:00 |
2014-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293656
|
- |
|
owncloud
|
owncloud
|
Unspecified vulnerability in core/settings.php in ownCloud before 4.0.12 and 4.5.x before 4.5.6 allows remote authenticated users to execute arbitrary PHP code via unknown vectors. NOTE: this issue …
|
NVD-CWE-noinfo
|
CVE-2013-7344
|
2024-11-21 11:00 |
2014-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293657
|
- |
|
flowplayer
|
flowplayer_html5
|
Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.1 allows remote attackers to inject arbitrary web script or HTML via the callback para…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7342
|
2024-11-21 11:00 |
2014-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293658
|
- |
|
flowplayer
|
flowplayer_html5
|
Cross-site scripting (XSS) vulnerability in flowplayer.swf in the Flash fallback feature in Flowplayer HTML5 5.4.3 allows remote attackers to inject arbitrary web script or HTML by using URL encoding…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7343
|
2024-11-21 11:00 |
2014-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293659
|
- |
|
flowplayer
moodle
|
flowplayer_flash
moodle
|
Multiple cross-site scripting (XSS) vulnerabilities in Flowplayer Flash before 3.2.17, as used in Moodle through 2.3.11, 2.4.x before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2, allow remote a…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7341
|
2024-11-21 11:00 |
2014-03-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293660
|
- |
|
videolan
|
vlc_media_player
|
VideoLAN VLC Media Player before 2.0.7 allows remote attackers to cause a denial of service (memory consumption) via a crafted playlist file.
|
CWE-399
Resource Management Errors
|
CVE-2013-7340
|
2024-11-21 11:00 |
2014-03-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
