|
288161
|
- |
|
gordon_heydon
|
secure_pages
|
The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive info…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4595
|
2024-11-21 10:55 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288162
|
- |
|
danielkorte
|
nodeaccesskeys
|
The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4596
|
2024-11-21 10:55 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288163
|
- |
|
google_authenticator_login_project
|
ga_login
|
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password …
|
CWE-287
Improper Authentication
|
CVE-2013-4178
|
2024-11-21 10:55 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288164
|
- |
|
google_authenticator_login_project
|
ga_login
|
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4177
|
2024-11-21 10:55 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288165
|
- |
|
groups_communities_and_co_project
|
gcc
|
The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vecto…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4598
|
2024-11-21 10:55 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288166
|
- |
|
gentoo
|
nullmailer
|
The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4223
|
2024-11-21 10:55 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288167
|
- |
|
mediafront
|
mediafront
|
Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "adm…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4380
|
2024-11-21 10:55 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288168
|
- |
|
urbanairship
|
python-oauth2
|
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4347
|
2024-11-21 10:55 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288169
|
- |
|
urbanairship
|
python-oauth2
|
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.
|
CWE-310
Cryptographic Issues
|
CVE-2013-4346
|
2024-11-21 10:55 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288170
|
- |
|
typo3
|
typo3
|
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension …
|
CWE-94
Code Injection
|
CVE-2013-4321
|
2024-11-21 10:55 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
