|
287511
|
- |
|
gitlab
|
gitlab
|
The Grit gem for Ruby, as used in GitLab 5.2 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands, as demonstrated by the search box for the GitLab code …
|
NVD-CWE-Other
|
CVE-2013-4489
|
2024-11-21 10:55 |
2014-05-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287512
|
- |
|
openstack
|
horizon
|
The Identity v3 API in OpenStack Dashboard (Horizon) before 2013.2 does not require the current password when changing passwords for user accounts, which makes it easier for remote attackers to chang…
|
CWE-287
Improper Authentication
|
CVE-2013-4471
|
2024-11-21 10:55 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287513
|
- |
|
vicidial
|
vicidial
|
VICIDIAL dialer (aka Asterisk GUI client) 2.8-403a, 2.7, 2.7RC1, and earlier allows remote authenticated users to execute arbitrary commands via shell metacharacters in the extension parameter in an …
|
NVD-CWE-Other
|
CVE-2013-4468
|
2024-11-21 10:55 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287514
|
- |
|
katello
|
katello_installer
|
Katello Installer before 0.0.18 uses world-readable permissions for /etc/pki/tls/private/katello-node.key when deploying a child Pulp node, which allows local users to obtain the private key by readi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4455
|
2024-11-21 10:55 |
2014-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287515
|
- |
|
madeofcode
|
omniauth-facebook
|
The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter.
|
CWE-352
Origin Validation Error
|
CVE-2013-4562
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287516
|
- |
|
drupalauth_project
|
drupalauth
|
lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name (uid) in a cookie.
|
CWE-287
Improper Authentication
|
CVE-2013-4552
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287517
|
- |
|
gitlab
|
gitlab
gitlab-shell
|
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
|
NVD-CWE-Other
|
CVE-2013-4546
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287518
|
- |
|
monster_menus_module_project
|
monster_menus
|
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4504
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287519
|
- |
|
feed_element_mapper_project
|
feed_element_mapper
|
Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4503
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
287520
|
- |
|
nathan_haug
|
filefield_sources
|
The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4502
|
2024-11-21 10:55 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
