|
290411
|
- |
|
simplemachines
|
simple_machines_forum
|
Simple Machines Forum (SMF) 2.0.6, 1.1.19, and earlier allows remote attackers to impersonate arbitrary users via a Unicode homoglyph character in a username.
|
CWE-20
Improper Input Validation
|
CVE-2013-7236
|
2024-11-21 11:00 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290412
|
- |
|
simplemachines
|
simple_machines_forum
|
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to impersonate arbitrary users via multiple space characters characters.
|
CWE-20
Improper Input Validation
|
CVE-2013-7235
|
2024-11-21 11:00 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290413
|
- |
|
simplemachines
|
simple_machines_forum
|
Simple Machines Forum (SMF) before 1.1.19 and 2.x before 2.0.6 allows remote attackers to conduct clickjacking attacks via an X-Frame-Options header.
|
CWE-20
Improper Input Validation
|
CVE-2013-7234
|
2024-11-21 11:00 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290414
|
- |
|
gnome
|
gnome-shell
|
The automatic screen lock functionality in GNOME Shell (aka gnome-shell) before 3.10 does not prevent access to the "Enter a Command" dialog, which allows physically proximate attackers to execute ar…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7221
|
2024-11-21 11:00 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290415
|
- |
|
gnome
|
gnome-shell
|
js/ui/screenShield.js in GNOME Shell (aka gnome-shell) before 3.8 allows physically proximate attackers to execute arbitrary commands by leveraging an unattended workstation with the keyboard focus o…
|
NVD-CWE-Other
|
CVE-2013-7220
|
2024-11-21 11:00 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290416
|
- |
|
phusion
|
juvia
|
Juvia uses the same secret key for all installations, which allows remote attackers to have unspecified impact by leveraging the secret key in app/config/initializers/secret_token.rb, related to cook…
|
CWE-255
Credentials Management
|
CVE-2013-7134
|
2024-11-21 11:00 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290417
|
- |
|
basespace_ruby_sdk_project
|
basespace_ruby_sdk
|
The put_call function in the API client (api/api_client.rb) in the BaseSpace Ruby SDK (aka bio-basespace-sdk) gem 0.1.7 for Ruby uses the API_KEY on the command line, which allows remote attackers to…
|
CWE-200
Information Exposure
|
CVE-2013-7111
|
2024-11-21 11:00 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290418
|
- |
|
entity_reference_project
|
entityreference
|
The Entity reference module 7.x-1.x before 7.x-1.1-rc1 for Drupal allows remote attackers to read private nodes titles by leveraging edit permissions to a node that references a private node.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7066
|
2024-11-21 11:00 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290419
|
- |
|
organic_groups_project
|
organic_groups
|
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7068
|
2024-11-21 11:00 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290420
|
- |
|
organic_groups_project
|
organic_groups
|
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7065
|
2024-11-21 11:00 |
2014-04-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
