| 286931 | - | urbanairship | python-oauth2 | The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 use weak random numbers to generate nonces, which makes it easier for remote attackers to guess… | CWE-310 Cryptographic Issues | CVE-2013-4347 | 2024-11-21 10:55 | 2014-05-20 |
| 286932 | - | urbanairship | python-oauth2 | The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL. | CWE-310 Cryptographic Issues | CVE-2013-4346 | 2024-11-21 10:55 | 2014-05-20 |
| 286933 | - | typo3 | typo3 | The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension … | CWE-94 Code Injection | CVE-2013-4321 | 2024-11-21 10:55 | 2014-05-20 |
| 286934 | - | typo3 | typo3 | The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via … | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-4320 | 2024-11-21 10:55 | 2014-05-20 |
| 286935 | - | typo3 | typo3 | The (1) file upload component and (2) File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.3 do not properly check file extensions, which allows remote authenticated editors t… | CWE-20 Improper Input Validation | CVE-2013-4250 | 2024-11-21 10:55 | 2014-05-20 |
| 286936 | - | mahara | mahara | Mahara before 1.5.13, 1.6.x before 1.6.8, and 1.7.x before 1.7.4 does not properly restrict access to folders, which allows remote authenticated users to read arbitrary folders (1) by leveraging an a… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-4432 | 2024-11-21 10:55 | 2014-05-19 |
| 286937 | - | mahara | mahara | Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly prevent access to blocks, which allows remote authenticated users to modify arbitrary blocks via the block id in an e… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-4431 | 2024-11-21 10:55 | 2014-05-19 |
| 286938 | - | mahara | mahara | Cross-site scripting (XSS) vulnerability in Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 allows remote attackers to inject arbitrary web script or HTML via the Host header to lib/… | CWE-79 Cross-site Scripting | CVE-2013-4430 | 2024-11-21 10:55 | 2014-05-19 |
| 286939 | - | mahara | mahara | Mahara before 1.5.12, 1.6.x before 1.6.7, and 1.7.x before 1.7.3 does not properly restrict access to artefacts, which allows remote authenticated users to read arbitrary artefacts via the (1) artefa… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-4429 | 2024-11-21 10:55 | 2014-05-19 |
| 286940 | - | leon_weber | pyxtrlock | pyxtrlock before 0.2 does not properly check the return values of the (1) xcb_grab_pointer and (2) xcb_grab_keyboard XCB library functions, which allows physically proximate attackers to gain access … | CWE-20 Improper Input Validation | CVE-2013-4427 | 2024-11-21 10:55 | 2014-05-19 |