|
285781
|
- |
|
feed_element_mapper_project
|
feed_element_mapper
|
Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4503
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285782
|
- |
|
nathan_haug
|
filefield_sources
|
The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4502
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285783
|
- |
|
quiz_module_project
|
quiz
|
The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote attackers to obtain sensitive quiz results via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4501
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285784
|
- |
|
quiz_module_project
|
quiz
|
The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the dele…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4500
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285785
|
- |
|
gitlab
|
gitlab
gitlab-shell
|
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands …
|
NVD-CWE-Other
|
CVE-2013-4490
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285786
|
- |
|
gitlab
|
gitlab
gitlab-shell
|
GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH.
|
CWE-94
Code Injection
|
CVE-2013-4581
|
2024-11-21 10:55 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285787
|
- |
|
gitlab
|
gitlab
|
GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication …
|
CWE-287
Improper Authentication
|
CVE-2013-4580
|
2024-11-21 10:55 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285788
|
- |
|
gnu
|
grub
|
A certain Debian patch for GNU GRUB uses world-readable permissions for grub.cfg, which allows local users to obtain password hashes, as demonstrated by reading the password_pbkdf2 directive in the f…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4577
|
2024-11-21 10:55 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285789
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web s…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4574
|
2024-11-21 10:55 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285790
|
- |
|
mediawiki
|
mediawiki
|
Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4571
|
2024-11-21 10:55 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
