|
295171
|
8.8 |
HIGH
Network
|
otrs
|
otrs_itsm
otrs
|
Multiple SQL injection vulnerabilities in Open Ticket Request System (OTRS) Help Desk 3.0.x before 3.0.22, 3.1.x before 3.1.18, and 3.2.x before 3.2.9 allow remote authenticated users to execute arbi…
|
CWE-89
SQL Injection
|
CVE-2013-4717
|
2024-11-21 10:56 |
2021-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295172
|
5.5 |
MEDIUM
Network
|
prestashop
|
prestashop
|
PrestaShop before 1.4.11 allows logout CSRF.
|
CWE-352
Origin Validation Error
|
CVE-2013-4792
|
2024-11-21 10:56 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295173
|
5.4 |
MEDIUM
Network
|
prestashop
|
prestashop
|
PrestaShop before 1.4.11 allows Logistician, translators and other low level profiles/accounts to inject a persistent XSS vector on TinyMCE.
|
CWE-79
Cross-site Scripting
|
CVE-2013-4791
|
2024-11-21 10:56 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295174
|
6.5 |
MEDIUM
Network
|
micasaverde
|
veralite_firmware
|
Cross-site request forgery (CSRF) vulnerability in upgrade_step2.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to hijack the authentication of users for requests that insta…
|
CWE-352
Origin Validation Error
|
CVE-2013-4865
|
2024-11-21 10:56 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295175
|
9.8 |
CRITICAL
Network
|
micasaverde
|
veralite_firmware
|
MiCasaVerde VeraLite with firmware 1.5.408 allows remote attackers to send HTTP requests to intranet servers via the url parameter to cgi-bin/cmh/proxy.sh, related to a Server-Side Request Forgery (S…
|
CWE-918
Server-Side Request Forgery (SSRF)
|
CVE-2013-4864
|
2024-11-21 10:56 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295176
|
8.8 |
HIGH
Network
|
micasaverde
|
veralite_firmware
|
The HomeAutomationGateway service in MiCasaVerde VeraLite with firmware 1.5.408 allows (1) remote attackers to execute arbitrary Lua code via a RunLua action in a request to upnp/control/hag on port …
|
CWE-287
Improper Authentication
|
CVE-2013-4863
|
2024-11-21 10:56 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295177
|
8.1 |
HIGH
Network
|
micasaverde
|
veralite_firmware
|
MiCasaVerde VeraLite with firmware 1.5.408 does not properly restrict access, which allows remote authenticated users to (1) update the firmware via the squashfs parameter to upgrade_step2.sh or (2) …
|
CWE-863
Incorrect Authorization
|
CVE-2013-4862
|
2024-11-21 10:56 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295178
|
6.5 |
MEDIUM
Network
|
micasaverde
|
veralite_firmware
|
Directory traversal vulnerability in cgi-bin/cmh/get_file.sh in MiCasaVerde VeraLite with firmware 1.5.408 allows remote authenticated users to read arbirary files via a .. (dot dot) in the filename …
|
CWE-22
Path Traversal
|
CVE-2013-4861
|
2024-11-21 10:56 |
2020-01-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295179
|
6.1 |
MEDIUM
Network
|
eucalyptus
|
eucalyptus_management_console
|
Cross-site scripting (XSS) vulnerability in Eucalyptus Management Console (EMC) 4.0.x before 4.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2013-4770
|
2024-11-21 10:56 |
2020-01-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295180
|
6.1 |
MEDIUM
Network
|
sensiolabs
fedoraproject
|
symfony
fedora
|
Symfony 2.0.X before 2.0.24, 2.1.X before 2.1.12, 2.2.X before 2.2.5, and 2.3.X before 2.3.3 have an issue in the HttpFoundation component. The Host header can be manipulated by an attacker when the …
|
CWE-79
Cross-site Scripting
|
CVE-2013-4752
|
2024-11-21 10:56 |
2020-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
