|
285871
|
- |
|
moodle
|
moodle
|
Directory traversal vulnerability in repository/filesystem/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to read …
|
CWE-22
Path Traversal
|
CVE-2013-4524
|
2024-11-21 10:55 |
2013-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285872
|
- |
|
moodle
|
moodle
|
Cross-site scripting (XSS) vulnerability in message/lib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 allows remote authenticated users to inject arbit…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4523
|
2024-11-21 10:55 |
2013-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285873
|
- |
|
moodle
|
moodle
|
lib/filelib.php in Moodle through 2.2.11, 2.3.x before 2.3.10, 2.4.x before 2.4.7, and 2.5.x before 2.5.3 does not send "Cache-Control: private" HTTP headers, which allows remote attackers to obtain …
|
CWE-200
Information Exposure
|
CVE-2013-4522
|
2024-11-21 10:55 |
2013-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285874
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in the ZeroRatedMobileAccess extension for MediaWiki 1.19.x before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to inject ar…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4573
|
2024-11-21 10:55 |
2013-11-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285875
|
- |
|
ibus_project
opensuse
|
ibus
opensuse
|
The default configuration of IBUS 1.5.4, and possibly 1.5.2 and earlier, when IBus.InputPurpose.PASSWORD is not set and used with GNOME 3, does not obscure the entered password characters, which allo…
|
CWE-255
Credentials Management
|
CVE-2013-4509
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285876
|
- |
|
ruby-lang
|
ruby
|
Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1 before 2.1.0 preview2, and trunk before revision 43780 allows context-dependent attackers to cause a denial o…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4164
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285877
|
- |
|
f5
opensuse
suse
|
nginx
opensuse
studio_onsite
webyast
lifecycle_management_server
|
nginx 0.8.41 through 1.4.3 and 1.5.x before 1.5.7 allows remote attackers to bypass intended restrictions via an unescaped space character in a URI.
|
CWE-116
Improper Encoding or Escaping of Output
|
CVE-2013-4547
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285878
|
- |
|
robert_ancell
canonical
|
lightdm
ubuntu_linux
|
LightDM 1.7.5 through 1.8.3 and 1.9.x before 1.9.2 does not apply the AppArmor profile to the Guest account, which allows local users to bypass intended restrictions by leveraging the Guest account.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4459
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285879
|
- |
|
http-body_project
|
http-body
|
HTTP::Body::Multipart in the HTTP-Body module for Perl (1.07 through 1.22, before 1.23) uses the part of the uploaded file's name after the first "." character as the suffix of a temporary file, whic…
|
NVD-CWE-noinfo
|
CVE-2013-4407
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
285880
|
- |
|
openstack
|
image_registry_and_delivery_service_\(glance\)
|
The API before 2.1 in OpenStack Image Registry and Delivery Service (Glance) makes it easier for local users to inject images into arbitrary tenants by adding the tenant as a member of the image.
|
CWE-20
Improper Input Validation
|
CVE-2013-4354
|
2024-11-21 10:55 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
