|
283551
|
- |
|
envato
|
complete_gallery_manager_plugin
|
Unrestricted file upload vulnerability in frames/upload-images.php in the Complete Gallery Manager plugin before 3.3.4 rev40279 for WordPress allows remote attackers to execute arbitrary code by uplo…
|
NVD-CWE-Other
|
CVE-2013-5962
|
2024-11-21 10:58 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283552
|
- |
|
danny_morris
|
lazy_seo
|
Unrestricted file upload vulnerability in lazyseo.php in the Lazy SEO plugin 1.1.9 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a PHP file, then accessing it via a…
|
NVD-CWE-Other
|
CVE-2013-5961
|
2024-11-21 10:58 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283553
|
- |
|
adcisolutions
|
node_view_permissions
|
The Node View Permissions module 7.x-1.x before 7.x-1.2 for Drupal does not properly implement the hook_query_alter function, which might allow remote attackers to obtain sensitive information by rea…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-5965
|
2024-11-21 10:58 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283554
|
- |
|
joachim_noreiko
|
flag_module
|
Cross-site scripting (XSS) vulnerability in the administration page in the Flag module 7.x-3.x before 7.x-3.1 for Drupal allows remote authenticated users with the "Administer flags" permission to in…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5964
|
2024-11-21 10:58 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283555
|
- |
|
owasp
|
enterprise_security_api
|
The authenticated-encryption feature in the symmetric-encryption implementation in the OWASP Enterprise Security API (ESAPI) for Java 2.x before 2.1.0.1 does not properly resist tampering with serial…
|
CWE-310
Cryptographic Issues
|
CVE-2013-5960
|
2024-11-21 10:58 |
2013-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283556
|
- |
|
bluecoat
|
proxysgos
proxysg
|
Blue Coat ProxySG before 6.2.14.1, 6.3.x, 6.4.x, and 6.5 before 6.5.2 allows remote attackers to cause a denial of service (memory consumption and dropped connections) via a recursive href in an HTML…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-5959
|
2024-11-21 10:58 |
2013-09-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283557
|
- |
|
graphite_project
|
graphite
|
Multiple cross-site scripting (XSS) vulnerabilities in Graphite before 0.9.11 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-5943
|
2024-11-21 10:58 |
2013-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283558
|
- |
|
graphite_project
|
graphite
|
Graphite 0.9.5 through 0.9.10 uses the pickle Python module unsafely, which allows remote attackers to execute arbitrary code via a crafted serialized object, related to (1) remote_storage.py, (2) st…
|
CWE-94
Code Injection
|
CVE-2013-5942
|
2024-11-21 10:58 |
2013-09-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283559
|
- |
|
click2sell
|
click2sell_suite_module
|
Cross-site scripting (XSS) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to inject arbitrary web script or HTML via a confirmation form.
|
CWE-79
Cross-site Scripting
|
CVE-2013-5938
|
2024-11-21 10:58 |
2013-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
283560
|
- |
|
click2sell
|
click2sell_suite_module
|
Cross-site request forgery (CSRF) vulnerability in the Click2Sell Suite module 6.x-1.x for Drupal allows remote attackers to hijack the authentication of administrators for requests that delete datab…
|
CWE-352
Origin Validation Error
|
CVE-2013-5937
|
2024-11-21 10:58 |
2013-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
