|
286341
|
- |
|
wokamoto
|
wp-cron_dashboard
|
Cross-site scripting (XSS) vulnerability in the WP-Cron Dashboard plugin 1.1.5 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the procname parameter to w…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6991
|
2024-11-21 11:00 |
2014-01-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286342
|
- |
|
projectforge
|
projectforge
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ProjectForge before 5.3 allow remote attackers to hijack the authentication of arbitrary users via vectors related to (1) web/admin/, (2)…
|
CWE-352
Origin Validation Error
|
CVE-2013-7251
|
2024-11-21 11:00 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286343
|
- |
|
projectforge
|
projectforge
|
Cross-site scripting (XSS) vulnerability in the JsonBuilder implementation in ProjectForge before 5.3 allows remote authenticated users to inject arbitrary web script or HTML via an autocompletion st…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7250
|
2024-11-21 11:00 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286344
|
- |
|
fatfreecrm
|
fat_free_crm
|
Fat Free CRM before 0.12.1 does not restrict XML serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.xml, a dif…
|
CWE-200
Information Exposure
|
CVE-2013-7249
|
2024-11-21 11:00 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286345
|
- |
|
fatfreecrm
|
fat_free_crm
|
Multiple SQL injection vulnerabilities in app/controllers/home_controller.rb in Fat Free CRM before 0.12.1 allow remote authenticated users to execute arbitrary SQL commands via (1) the homepage time…
|
CWE-89
SQL Injection
|
CVE-2013-7225
|
2024-11-21 11:00 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286346
|
- |
|
fatfreecrm
|
fat_free_crm
|
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json.
|
CWE-200
Information Exposure
|
CVE-2013-7224
|
2024-11-21 11:00 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286347
|
- |
|
fatfreecrm
|
fat_free_crm
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Fat Free CRM before 0.12.1 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors, related to the…
|
CWE-352
Origin Validation Error
|
CVE-2013-7223
|
2024-11-21 11:00 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286348
|
- |
|
fatfreecrm
|
fat_free_crm
|
config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by …
|
CWE-310
Cryptographic Issues
|
CVE-2013-7222
|
2024-11-21 11:00 |
2014-01-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286349
|
- |
|
synology
|
diskstation_manager
|
Multiple directory traversal vulnerabilities in the FileBrowser components in Synology DiskStation Manager (DSM) before 4.3-3810 Update 3 allow remote attackers to read, write, and delete arbitrary f…
|
CWE-22
Path Traversal
|
CVE-2013-6987
|
2024-11-21 11:00 |
2014-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286350
|
- |
|
zenphoto
|
zenphoto
|
SQL injection vulnerability in zp-core/zp-extensions/wordpress_import.php in Zenphoto before 1.4.5.4 allows remote authenticated administrators to execute arbitrary SQL commands via the tableprefix p…
|
CWE-89
SQL Injection
|
CVE-2013-7242
|
2024-11-21 11:00 |
2014-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
