|
291421
|
9.8 |
CRITICAL
Network
|
xstream_project
|
xstream
|
Xstream API versions up to 1.4.6 and version 1.4.10, if the security framework has not been initialized, may allow a remote attacker to run arbitrary shell commands by manipulating the processed inpu…
|
CWE-78
OS Command
|
CVE-2013-7285
|
2024-11-21 11:00 |
2019-05-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291422
|
5.5 |
MEDIUM
Local
|
gitolite
|
gitolite
|
gitolite before commit fa06a34 might allow local users to read arbitrary files in repositories via vectors related to the user umask when running gitolite setup.
|
CWE-200
Information Exposure
|
CVE-2013-7203
|
2024-11-21 11:00 |
2018-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291423
|
8.1 |
HIGH
Network
|
paypal
|
paypal
|
The WebHybridClient class in PayPal 5.3 and earlier for Android allows remote attackers to execute arbitrary JavaScript on the system.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-7202
|
2024-11-21 11:00 |
2018-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291424
|
7.4 |
HIGH
Network
|
paypal
|
paypal
|
WebHybridClient.java in PayPal 5.3 and earlier for Android ignores SSL errors, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information.
|
CWE-295
Improper Certificate Validation
|
CVE-2013-7201
|
2024-11-21 11:00 |
2018-04-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291425
|
7.5 |
HIGH
Network
|
sybase
|
adaptive_server_enterprise
|
The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP …
|
CWE-285
Improper Authorization
|
CVE-2013-7245
|
2024-11-21 11:00 |
2018-04-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291426
|
6.5 |
MEDIUM
Network
|
evergreen-ils
|
evergreen
|
The open-ils.pcrud endpoint in Evergreen before 2.5.9, 2.6.x before 2.6.7, and 2.7.x before 2.7.4 allows remote attackers to obtain sensitive settings history information by leveraging lack of user p…
|
CWE-200
Information Exposure
|
CVE-2013-7435
|
2024-11-21 11:00 |
2018-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291427
|
7.5 |
HIGH
Network
|
dkd
|
direct_mail
|
The Direct Mail (direct_mail) extension before 3.1.2 for TYPO3 allows remote attackers to obtain sensitive information by leveraging improper checking of authentication codes.
|
CWE-200
Information Exposure
|
CVE-2013-7400
|
2024-11-21 11:00 |
2017-12-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291428
|
8.1 |
HIGH
Network
|
codem-transcode_project
|
codem-transcode
|
The codem-transcode module before 0.5.0 for Node.js, when ffprobe is enabled, allows remote attackers to execute arbitrary commands via a POST request to /probe.
|
CWE-77
Command Injection
|
CVE-2013-7377
|
2024-11-21 11:00 |
2017-10-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291429
|
9.8 |
CRITICAL
Network
|
mapsplugin
|
googlemaps
|
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to conduct XML injection attacks via the url parameter to plugin_googlemap2_proxy.php.
|
CWE-91
Blind XPath Injection
|
CVE-2013-7429
|
2024-11-21 11:00 |
2017-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291430
|
7.5 |
HIGH
Network
|
mapsplugin
|
googlemaps
|
The Googlemaps plugin before 3.1 for Joomla! allows remote attackers to cause a denial of service via the url parameter to plugin_googlemap2_proxy.php.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2013-7428
|
2024-11-21 11:00 |
2017-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
