|
284631
|
- |
|
entity_reference_project
|
entityreference
|
The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7066
|
2024-11-21 11:00 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284632
|
- |
|
organic_groups_project
|
organic_groups
|
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7068
|
2024-11-21 11:00 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284633
|
- |
|
organic_groups_project
|
organic_groups
|
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7065
|
2024-11-21 11:00 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284634
|
- |
|
freelance-it-consultant
|
eu_cookie_compliance
|
Cross-site scripting (XSS) vulnerability in the EU Cookie Compliance module 7.x-1.x before 7.x-1.12 for Drupal allows remote authenticated administrators with the "Administer EU Cookie Compliance pop…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7064
|
2024-11-21 11:00 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284635
|
- |
|
invitation_project
|
invitation
|
The Invitation module 7.x-2.x for Drupal does not properly check permissions, which allows remote attackers to obtain sensitive information via unspecified default views.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7063
|
2024-11-21 11:00 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284636
|
- |
|
python
apple
|
python
mac_os_x
|
Python before 3.3.4 RC1 allows remote attackers to cause a denial of service (infinite loop and CPU consumption) via a file size value larger than the size of the zip file to the (1) ZipExtFile.read,…
|
CWE-20
Improper Input Validation
|
CVE-2013-7338
|
2024-11-21 11:00 |
2014-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284637
|
- |
|
phpfox
|
phpfox
|
static/ajax.php in PHPFox 3.7.3, 3.7.4, and 3.7.5 allows remote authenticated users to bypass intended "Only Me" restrictions and comment on a private publication via a request with a modified val[it…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7196
|
2024-11-21 11:00 |
2014-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284638
|
- |
|
phpfox
|
phpfox
|
PHPFox 3.7.3 and 3.7.4 allows remote authenticated users to bypass intended "Only Me" restrictions and "like" a publication via a request that specifies the ID for the publication.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7195
|
2024-11-21 11:00 |
2014-04-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284639
|
- |
|
f-secure
|
email_and_server_security
anti-virus
server_security
|
SQL injection vulnerability in an unspecified DLL in the FSDBCom ActiveX control in F-Secure Anti-Virus for Microsoft Exchange Server before HF02, Anti-Virus for Windows Servers 9.00 before HF09, Ant…
|
CWE-89
SQL Injection
|
CVE-2013-7369
|
2024-11-21 11:00 |
2014-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
284640
|
- |
|
raoul_proenca
|
gnew
|
Multiple cross-site scripting (XSS) vulnerabilities in Gnew 2013.1 allow remote attackers to inject arbitrary web script or HTML via the gnew_template parameter to (1) users/profile.php, (2) articles…
|
CWE-79
Cross-site Scripting
|
CVE-2013-7368
|
2024-11-21 11:00 |
2014-04-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
