|
291261
|
- |
|
php-fusion
|
php-fusion
|
PHP-Fusion before 7.02.06 stores backup files with predictable filenames in an unrestricted directory under the web document root, which might allow remote attackers to obtain sensitive information v…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1807
|
2024-11-21 10:50 |
2014-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291262
|
- |
|
php-fusion
|
php-fusion
|
Multiple directory traversal vulnerabilities in PHP-Fusion before 7.02.06 allow remote authenticated users to include and execute arbitrary files via a .. (dot dot) in the (1) user_theme parameter to…
|
CWE-22
Path Traversal
|
CVE-2013-1806
|
2024-11-21 10:50 |
2014-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291263
|
- |
|
php-fusion
|
php-fusion
|
Multiple cross-site scripting (XSS) vulnerabilities in PHP-Fusion before 7.02.06 allow remote attackers to inject arbitrary web script or HTML via the (1) highlight parameter to forum/viewthread.php;…
|
CWE-79
Cross-site Scripting
|
CVE-2013-1804
|
2024-11-21 10:50 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291264
|
- |
|
ushahidi
|
ushahidi_platform
|
Cross-site scripting (XSS) vulnerability in Ushahidi Platform 2.5.x through 2.6.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-2025
|
2024-11-21 10:50 |
2014-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291265
|
- |
|
packagekit_project
|
packagekit
|
The Zypper (aka zypp) backend in PackageKit before 0.8.8 allows local users to downgrade packages via the "install updates" method.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1764
|
2024-11-21 10:50 |
2014-04-17 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291266
|
- |
|
jenkins
cloudbees
|
jenkins
|
Cross-site scripting (XSS) vulnerability in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allows remote authenticated users with writ…
|
CWE-79
Cross-site Scripting
|
CVE-2013-2033
|
2024-11-21 10:50 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291267
|
- |
|
restful_web_services_project
|
restful_web_services
|
The RESTful Web Services (RESTWS) module 7.x-1.x before 7.x-1.3 and 7.x-2.x before 7.x-2.0-alpha5 for Drupal, when page caching is enabled and anonymous users are assigned RESTWS permissions, allows …
|
CWE-20
Improper Input Validation
|
CVE-2013-1946
|
2024-11-21 10:50 |
2014-04-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291268
|
- |
|
ganglia
|
ganglia-web
|
Cross-site scripting (XSS) vulnerability in views_view.php in Ganglia Web 3.5.7 allows remote attackers to inject arbitrary web script or HTML via the view_name parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2013-1770
|
2024-11-21 10:50 |
2014-04-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291269
|
- |
|
redhat
|
spacewalk-java
satellite
|
CRLF injection vulnerability in spacewalk-java before 2.1.148-1 and Red Hat Network (RHN) Satellite 5.6 allows remote attackers to inject arbitrary HTTP headers, and conduct HTTP response splitting a…
|
CWE-20
Improper Input Validation
|
CVE-2013-1869
|
2024-11-21 10:50 |
2014-04-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291270
|
- |
|
owncloud
|
owncloud
|
ownCloud before 5.0.6 does not properly check permissions, which allows remote authenticated users to execute arbitrary API commands via unspecified vectors. NOTE: this can be leveraged using CSRF t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2048
|
2024-11-21 10:50 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
