| 287501 | - | uplawski | creme_fraiche | The set_meta_data function in lib/cremefraiche.rb in the Creme Fraiche gem before 0.6.1 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the file name of an … | CWE-78 OS Command | CVE-2013-2090 | 2024-11-21 10:51 | 2014-05-27 |
| 287502 | - | mail_on_update_project | mail_on_update | Cross-site request forgery (CSRF) vulnerability in the Mail On Update plugin before 5.2.0 for WordPress allows remote attackers to hijack the authentication of administrators for requests that change… | CWE-352 Origin Validation Error | CVE-2013-2107 | 2024-11-21 10:51 | 2014-05-23 |
| 287503 | - | glpi-project | glpi | Multiple SQL injection vulnerabilities in GLPI before 0.83.9 allow remote attackers to execute arbitrary SQL commands via the (1) users_id_assign parameter to ajax/ticketassigninformation.php, (2) fi… | CWE-89 SQL Injection | CVE-2013-2226 | 2024-11-21 10:51 | 2014-05-15 |
| 287504 | - | galleryproject | gallery | Multiple cross-site scripting (XSS) vulnerabilities in Gallery 3 before 3.0.7 allow remote attackers to inject arbitrary web script or HTML via the (1) movie title to modules/gallery/controllers/movi… | CWE-79 Cross-site Scripting | CVE-2013-2087 | 2024-11-21 10:51 | 2014-05-15 |
| 287505 | - | apache | archiva | Cross-site scripting (XSS) vulnerability in Apache Archiva 1.2 through 1.2.2 and 1.3 before 1.3.8 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters, related to… | CWE-79 Cross-site Scripting | CVE-2013-2187 | 2024-11-21 10:51 | 2014-04-22 |
| 287506 | - | jonathan_leung | show_in_browser | The Show In Browser (show_in_browser) gem 0.0.3 for Ruby allows local users to inject arbitrary web script or HTML via a symlink attack on /tmp/browser.html. | CWE-59 Link Following | CVE-2013-2105 | 2024-11-21 10:51 | 2014-04-22 |
| 287507 | - | redhat theforeman | network_satellite katello | The users controller in Katello 1.5.0-14 and earlier, and Red Hat Satellite, does not check authorization for the update_roles action, which allows remote authenticated users to gain privileges by se… | CWE-20 Improper Input Validation | CVE-2013-2143 | 2024-11-21 10:51 | 2014-04-17 |
| 287508 | - | roberta_bramski | uploader | Multiple cross-site scripting (XSS) vulnerabilities in views/notify.php in the Uploader plugin 1.0.4 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) notify or … | CWE-79 Cross-site Scripting | CVE-2013-2287 | 2024-11-21 10:51 | 2014-04-4 |
| 287509 | - | jgaa | warftpd | Unspecified vulnerability in War FTP Daemon (warftpd) 1.82, when running as a Windows service, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via unk… | NVD-CWE-noinfo | CVE-2013-2278 | 2024-11-21 10:51 | 2014-04-1 |
| 287510 | - | getsymphony | symphony | SQL injection vulnerability in Symphony CMS before 2.3.2 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter to system/authors/. NOTE: this can be leveraged us… | CWE-89 SQL Injection | CVE-2013-2559 | 2024-11-21 10:51 | 2014-03-28 |