|
288991
|
- |
|
redhat
theforeman
|
openstack
foreman
|
app/controllers/api/v1/hosts_controller.rb in Foreman before 1.2.2 does not properly restrict access to hosts, which allows remote attackers to access arbitrary hosts via an API request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4182
|
2024-11-21 10:55 |
2013-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288992
|
- |
|
redhat
theforeman
|
openstack
foreman
|
The (1) power and (2) ipmi_boot actions in the HostController in Foreman before 1.2.2 allow remote attackers to cause a denial of service (memory consumption) via unspecified input that is converted …
|
CWE-20
Improper Input Validation
|
CVE-2013-4180
|
2024-11-21 10:55 |
2013-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288993
|
- |
|
openstack
|
havana
compute
|
The security group extension in OpenStack Compute (Nova) Grizzly 2013.1.3, Havana before havana-3, and earlier allows remote attackers to cause a denial of service (resource consumption and crash) vi…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4179
|
2024-11-21 10:55 |
2013-09-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288994
|
- |
|
moodle
|
moodle
|
Multiple cross-site scripting (XSS) vulnerabilities in Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 allow remote attackers to inject arbitrary web script or H…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4341
|
2024-11-21 10:55 |
2013-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288995
|
- |
|
moodle
|
moodle
|
Moodle through 2.2.11, 2.3.x before 2.3.9, 2.4.x before 2.4.6, and 2.5.x before 2.5.2 does not prevent use of '\0' characters in query strings, which might allow remote attackers to conduct SQL injec…
|
CWE-89
SQL Injection
|
CVE-2013-4313
|
2024-11-21 10:55 |
2013-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288996
|
- |
|
xen
|
xen
|
The xenlight library (libxl) in Xen 4.0.x through 4.2.x, when IOMMU is disabled, provides access to a busmastering-capable PCI passthrough device before the IOMMU setup is complete, which allows loca…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4329
|
2024-11-21 10:55 |
2013-09-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288997
|
- |
|
liquidthreads_project
|
liquidthreads
|
Cross-site scripting (XSS) vulnerability in pages/TalkpageHistoryView.php in the LiquidThreads (LQT) extension 2.x and possibly 3.x for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4308
|
2024-11-21 10:55 |
2013-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288998
|
- |
|
mediawiki
|
mediawiki
|
Multiple cross-site scripting (XSS) vulnerabilities in repo/includes/EntityView.php in the Wikibase extension for MediaWiki 1.19.x before 1.19.8, 1.20.x before 1.20.7, and 1.21.x before 1.21.2 allow …
|
CWE-79
Cross-site Scripting
|
CVE-2013-4307
|
2024-11-21 10:55 |
2013-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288999
|
- |
|
wordpress
|
wordpress
|
wp-admin/includes/post.php in WordPress before 3.6.1 allows remote authenticated users to spoof the authorship of a post by leveraging the Author role and providing a modified user_ID parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4340
|
2024-11-21 10:55 |
2013-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289000
|
- |
|
wordpress
|
wordpress
|
WordPress before 3.6.1 does not properly validate URLs before use in an HTTP redirect, which allows remote attackers to bypass intended redirection restrictions via a crafted string.
|
CWE-20
Improper Input Validation
|
CVE-2013-4339
|
2024-11-21 10:55 |
2013-09-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
