|
288451
|
- |
|
moodle
|
moodle
|
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4341
|
2024-11-21 10:55 |
2013-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288452
|
- |
|
moodle
|
moodle
|
Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injec…
|
CWE-89
SQL Injection
|
CVE-2013-4313
|
2024-11-21 10:55 |
2013-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288453
|
- |
|
xen
|
xen
|
The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows loca…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4329
|
2024-11-21 10:55 |
2013-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288454
|
- |
|
liquidthreads_project
|
liquidthreads
|
Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4308
|
2024-11-21 10:55 |
2013-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288455
|
- |
|
mediawiki
|
mediawiki
|
Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow …
|
CWE-79
Cross-site Scripting
|
CVE-2013-4307
|
2024-11-21 10:55 |
2013-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288456
|
- |
|
wordpress
|
wordpress
|
wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4340
|
2024-11-21 10:55 |
2013-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288457
|
- |
|
wordpress
|
wordpress
|
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
|
CWE-20
Improper Input Validation
|
CVE-2013-4339
|
2024-11-21 10:55 |
2013-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288458
|
- |
|
wordpress
|
wordpress
|
wp-includes/functions.php in WordPress before 3.6.1 does not properly determine whether data has been serialized, which allows remote attackers to execute arbitrary code by triggering erroneous PHP u…
|
CWE-94
Code Injection
|
CVE-2013-4338
|
2024-11-21 10:55 |
2013-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288459
|
- |
|
imagemagick
|
imagemagick
|
The ReadGIFImage function in coders/gif.c in ImageMagick before 6.7.8-8 allows remote attackers to cause a denial of service (memory corruption and application crash) via a crafted comment in a GIF i…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4298
|
2024-11-21 10:55 |
2013-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288460
|
- |
|
fedoraproject
|
389_directory_server
|
ns-slapd in 389 Directory Server before 1.3.0.8 allows remote attackers to cause a denial of service (server crash) via a crafted Distinguished Name (DN) in a MOD operation request.
|
CWE-20
Improper Input Validation
|
CVE-2013-4283
|
2024-11-21 10:55 |
2013-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
