|
288891
|
- |
|
danielkorte
|
nodeaccesskeys
|
The Node Access Keys module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permissions, which allows remote attackers to bypass access restrictions via a node listing.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4596
|
2024-11-21 10:55 |
2014-06-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288892
|
- |
|
google_authenticator_login_project
|
ga_login
|
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal allows remote attackers to obtain access by replaying the username, password, and one-time password …
|
CWE-287
Improper Authentication
|
CVE-2013-4178
|
2024-11-21 10:55 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288893
|
- |
|
google_authenticator_login_project
|
ga_login
|
The Google Authenticator login module 6.x-1.x before 6.x-1.2 and 7.x-1.x before 7.x-1.4 for Drupal does not properly identify user account names, which might allow remote attackers to bypass the two-…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4177
|
2024-11-21 10:55 |
2014-05-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288894
|
- |
|
groups_communities_and_co_project
|
gcc
|
The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vecto…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4598
|
2024-11-21 10:55 |
2014-05-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288895
|
- |
|
gentoo
|
nullmailer
|
The Gentoo Nullmailer package before 1.11-r2 uses world-readable permissions for /etc/nullmailer/remotes, which allows local users to obtain SMTP authentication credentials by reading the file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4223
|
2024-11-21 10:55 |
2014-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288896
|
- |
|
mediafront
|
mediafront
|
Cross-site scripting (XSS) vulnerability in the MediaFront module 6.x-1.x before 6.x-1.6, 7.x-1.x before 7.x-1.6, and 7.x-2.x before 7.x-2.1 for Drupal allows remote authenticated users with the "adm…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4380
|
2024-11-21 10:55 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288897
|
- |
|
urbanairship
|
python-oauth2
|
The (1) make_nonce, (2) generate_nonce, and (3) generate_verifier functions in SimpleGeo python-oauth2 uses weak random numbers to generate nonces, which makes it easier for remote attackers to guess…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4347
|
2024-11-21 10:55 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288898
|
- |
|
urbanairship
|
python-oauth2
|
The Server.verify_request function in SimpleGeo python-oauth2 does not check the nonce, which allows remote attackers to perform replay attacks via a signed URL.
|
CWE-310
Cryptographic Issues
|
CVE-2013-4346
|
2024-11-21 10:55 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288899
|
- |
|
typo3
|
typo3
|
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.8 and 6.1.x before 6.1.4 allows remote authenticated editors to execute arbitrary PHP code via unspecified characters in the file extension …
|
CWE-94
Code Injection
|
CVE-2013-4321
|
2024-11-21 10:55 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288900
|
- |
|
typo3
|
typo3
|
The File Abstraction Layer (FAL) in TYPO3 6.0.x before 6.0.9 and 6.1.x before 6.1.4 does not properly check permissions, which allows remote authenticated users to create or read arbitrary files via …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4320
|
2024-11-21 10:55 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
