|
286741
|
- |
|
mahara
|
mahara
|
Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4430
|
2024-11-21 10:55 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286742
|
- |
|
mahara
|
mahara
|
Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefa…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4429
|
2024-11-21 10:55 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286743
|
- |
|
leon_weber
|
pyxtrlock
|
pyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access …
|
CWE-20
Improper Input Validation
|
CVE-2013-4427
|
2024-11-21 10:55 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286744
|
- |
|
leon_weber
|
pyxtrlock
|
pyxtrlock before 0.1 uses an incorrect variable name, which allows physically proximate attackers to bypass the lock screen via multiple failed authentication attempts, which trigger a crash.
|
NVD-CWE-noinfo
|
CVE-2013-4426
|
2024-11-21 10:55 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286745
|
- |
|
quick_tabs_module_project
|
quicktabs
|
The Quick Tabs module 6.x-2.x before 6.x-2.2, 6.x-3.x before 6.x-3.2, and 7.x-3.x before 7.x-3.6 for Drupal does not properly check block permissions, which allows remote attackers to obtain sensitiv…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4406
|
2024-11-21 10:55 |
2014-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286746
|
- |
|
florian_weber
|
spaces
|
The Spaces OG submodule in the Spaces module 6.x-3.x before 6.x-3.7 for Drupal does not properly delete organic group group spaces content when using the option to move to a new group, which causes t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4498
|
2024-11-21 10:55 |
2014-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286747
|
- |
|
gitlab
|
gitlab
|
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code …
|
NVD-CWE-Other
|
CVE-2013-4489
|
2024-11-21 10:55 |
2014-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286748
|
- |
|
openstack
|
horizon
|
The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to chang…
|
CWE-287
Improper Authentication
|
CVE-2013-4471
|
2024-11-21 10:55 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286749
|
- |
|
vicidial
|
vicidial
|
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an …
|
NVD-CWE-Other
|
CVE-2013-4468
|
2024-11-21 10:55 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
286750
|
- |
|
katello
|
katello_installer
|
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by readi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4455
|
2024-11-21 10:55 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
