|
284551
|
8.8 |
HIGH
Local
|
qemu
redhat
|
qemu
enterprise_linux_server_tus
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
virtualization
|
The virtqueue_map_sg function in hw/virtio/virtio.c in QEMU before 1.7.2 allows remote attackers to execute arbitrary files via a crafted savevm image, related to virtio-block or virtio-serial read.
|
CWE-20
Improper Input Validation
|
CVE-2013-4535
|
2024-11-21 10:55 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284552
|
9.8 |
CRITICAL
Network
|
pydio
|
pydio
|
Ajaxeplorer before 5.0.1 allows remote attackers to execute arbitrary commands via shell metacharacters in the (1) archive_name parameter to the Power FS module (plugins/action.powerfs/class.PowerFSC…
|
CWE-78
OS Command
|
CVE-2013-4267
|
2024-11-21 10:55 |
2020-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284553
|
9.8 |
CRITICAL
Network
|
openpne
|
opopensocialplugin
|
opOpenSocialPlugin 0.8.2.1, > 0.9.9.2, 0.9.13, 1.2.6: Multiple XML External Entity Injection Vulnerabilities
|
CWE-776
XML Entity Expansion
|
CVE-2013-4335
|
2024-11-21 10:55 |
2020-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284554
|
9.8 |
CRITICAL
Network
|
tejimaya
|
opwebapiplugin
|
opWebAPIPlugin 0.5.1, 0.4.0, and 0.1.0: XXE Vulnerabilities
|
CWE-611
XXE
|
CVE-2013-4334
|
2024-11-21 10:55 |
2020-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284555
|
9.8 |
CRITICAL
Network
|
nuxeo
|
nuxeo
|
RichFaces implementation in Nuxeo Platform 5.6.0 before HF27 and 5.8.0 before HF-01 does not restrict the classes for which deserialization methods can be called, which allows remote attackers to exe…
|
CWE-502
Deserialization of Untrusted Data
|
CVE-2013-4521
|
2024-11-21 10:55 |
2020-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284556
|
7.5 |
HIGH
Network
|
mediawiki
fedoraproject
|
mediawiki
fedora
|
The CentralNotice extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 sets the Cache-Control header to cache session cookies when a user is autocreated, which allows…
|
CWE-384
Session Fixation
|
CVE-2013-4572
|
2024-11-21 10:55 |
2020-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284557
|
7.5 |
HIGH
Network
|
gnome
redhat
|
evolution
evolution_data_server
enterprise_linux_desktop
enterprise_linux_server
enterprise_linux_workstation
|
The gpg_ctx_add_recipient function in camel/camel-gpg-context.c in GNOME Evolution 3.8.4 and earlier and Evolution Data Server 3.9.5 and earlier does not properly select the GPG key to use for email …
|
CWE-200
Information Exposure
|
CVE-2013-4166
|
2024-11-21 10:55 |
2020-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284558
|
6.1 |
MEDIUM
Network
|
hitmyserver
|
hms_testimonials
|
Multiple cross-site scripting (XSS) vulnerabilities in the HMS Testimonials plugin before 2.0.11 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) name, (2) imag…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4241
|
2024-11-21 10:55 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284559
|
6.5 |
MEDIUM
Network
|
flippy_project
|
flippy
|
The Flippy module 7.x-1.x before 7.x-1.2 for Drupal does not properly restrict access to nodes, which allows remote authenticated users with the permission to access content to read a link or alias t…
|
CWE-200
Information Exposure
|
CVE-2013-4187
|
2024-11-21 10:55 |
2020-01-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284560
|
8.8 |
HIGH
Network
|
gitlab
|
gitlab
gitlab-shell
|
The parse_cmd function in lib/gitlab_shell.rb in GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote authenticated…
|
CWE-269
Improper Privilege Management
|
CVE-2013-4583
|
2024-11-21 10:55 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
