|
282751
|
6.1 |
MEDIUM
Network
|
count_per_day_project
|
count_per_day
|
The "Count per Day" plugin before 3.2.6 for WordPress allows XSS via the wp-admin/?page=cpd_metaboxes daytoshow parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2013-7472
|
2024-11-21 11:01 |
2019-06-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282752
|
9.8 |
CRITICAL
Network
|
dlink
|
dir-300_firmware
dir-600_firmware
dir-645_firmware
dir-845_firmware
dir-865_firmware
|
An issue was discovered in soap.cgi?service=WANIPConn1 on D-Link DIR-845 before v1.02b03, DIR-600 before v2.17b01, DIR-645 before v1.04b11, DIR-300 rev. B, and DIR-865 devices. There is Command Injec…
|
CWE-77
Command Injection
|
CVE-2013-7471
|
2024-11-21 11:01 |
2019-06-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282753
|
5.9 |
MEDIUM
Network
|
linux
|
linux_kernel
|
cipso_v4_validate in include/net/cipso_ipv4.h in the Linux kernel before 3.11.7, when CONFIG_NETLABEL is disabled, allows attackers to cause a denial of service (infinite loop and crash), as demonstr…
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2013-7470
|
2024-11-21 11:01 |
2019-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282754
|
8.1 |
HIGH
Network
|
simplemachines
|
simple_machines_forum
|
Simple Machines Forum (SMF) 2.0.4 allows PHP Code Injection via the index.php?action=admin;area=languages;sa=editlang dictionary parameter.
|
CWE-94
Code Injection
|
CVE-2013-7468
|
2024-11-21 11:01 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282755
|
6.1 |
MEDIUM
Network
|
simplemachines
|
simple_machines_forum
|
Simple Machines Forum (SMF) 2.0.4 allows XSS via the index.php?action=pm;sa=settings;save sa parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2013-7467
|
2024-11-21 11:01 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282756
|
8.8 |
HIGH
Network
|
simplemachines
|
simple_machines_forum
|
Simple Machines Forum (SMF) 2.0.4 allows local file inclusion, with resultant remote code execution, in install.php via ../ directory traversal in the db_type parameter if install.php remains present…
|
CWE-22
Path Traversal
|
CVE-2013-7466
|
2024-11-21 11:01 |
2019-03-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282757
|
7.5 |
HIGH
Network
|
seafile
|
seafile
|
Seafile through 6.2.11 always uses the same Initialization Vector (IV) with Cipher Block Chaining (CBC) Mode to encrypt private data, making it easier to conduct chosen-plaintext attacks or dictionar…
|
CWE-326
Inadequate Encryption Strength
|
CVE-2013-7469
|
2024-11-21 11:01 |
2019-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282758
|
9.8 |
CRITICAL
Network
|
icecoldapps
|
servers_ultimate
|
Ice Cold Apps Servers Ultimate 6.0.2(12) does not require authentication for TELNET, SSH, or FTP, which allows remote attackers to execute arbitrary code by uploading PHP scripts.
|
CWE-287
Improper Authentication
|
CVE-2013-7465
|
2024-11-21 11:01 |
2018-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282759
|
8.8 |
HIGH
Network
|
csrf-magic_project
|
csrf-magic
|
In csrf-magic before 1.0.4, if $GLOBALS['csrf']['secret'] is not configured, the Anti-CSRF Token used is predictable and would permit an attacker to bypass the CSRF protections, because an automatica…
|
CWE-352
Origin Validation Error
|
CVE-2013-7464
|
2024-11-21 11:01 |
2018-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
282760
|
5.5 |
MEDIUM
Local
|
check_mk_project
|
check_mk
|
Check_MK through 1.2.5i2p1 allows local users to read arbitrary files via a symlink attack to a file in /var/lib/check_mk_agent/job.
|
CWE-59
Link Following
|
CVE-2014-0243
|
2024-11-21 11:01 |
2018-07-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
