257841
|
- |
|
gordon_heydon
|
secure_pages
|
The Secure Pages module 6.x-2.x before 6.x-2.0 for Drupal does not properly match URLs, which causes HTTP to be used instead of HTTPS and makes it easier for remote attackers to obtain sensitive info…
|
CWE-310
Cryptographic Issues
|
CVE-2013-4595
|
2014-06-25 00:37 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257842
|
- |
|
mambo-foundation
|
mambo_cms
|
Mambo CMS 4.6.5 stores the MySQL database password in cleartext in the document root, which allows local users to obtain sensitive information via unspecified vectors.
|
CWE-255
Credentials Management
|
CVE-2013-2562
|
2014-06-25 00:34 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257843
|
- |
|
mambo-foundation
|
mambo_cms
|
Mambo CMS 4.6.5 uses world-readable permissions on configuration.php, which allows local users to obtain the admin password hash by reading the file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-2563
|
2014-06-25 00:29 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257844
|
- |
|
mambo-foundation
|
mambo_cms
|
Mambo CMS 4.6.5 allows remote attackers to cause a denial of service (memory and bandwidth consumption) by uploading a crafted file.
|
CWE-399
Resource Management Errors
|
CVE-2013-2564
|
2014-06-25 00:20 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257845
|
- |
|
rik_de_boer
|
revisioning
|
The Revisioning module 7.x-1.x before 7.x-1.6 for Drupal does not properly check node access permissions for content marked unpublished by the Scheduled module, which allows remote authenticated user…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4597
|
2014-06-25 00:10 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257846
|
- |
|
livezilla
|
livezilla
|
LiveZilla before 5.1.1.0 stores the admin Base64 encoded username and password in a 1click file, which allows local users to obtain access by reading the file.
|
CWE-255
Credentials Management
|
CVE-2013-6223
|
2014-06-25 00:03 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257847
|
- |
|
autocomplete_widgets_project
|
autocomplete_widgets
|
The autocomplete callback in Autocomplete Widgets for Text and Number Fields (autocomplete_widgets) module 6.x-1.x before 6.x-1.4 and 7.x-1.x before 7.x-1.0-rc1 does not properly handle node permissi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-1973
|
2014-06-25 00:01 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257848
|
- |
|
vinay_sajip
|
python-gnupg
|
python-gnupg before 0.3.5 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in unspecified vectors.
|
NVD-CWE-Other
|
CVE-2013-7323
|
2014-06-24 23:59 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257849
|
- |
|
vinay_sajip
|
python-gnupg
|
Per: http://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2013-7323
|
2014-06-24 23:59 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
257850
|
- |
|
fail2ban
|
fail2ban
|
The (1) dshield.conf, (2) mail-buffered.conf, (3) mynetwatchman.conf, and (4) mynetwatchman.conf actions in action.d/ in Fail2ban before 0.8.5 allows local users to write to arbitrary files via a sym…
|
CWE-59
Link Following
|
CVE-2009-5023
|
2014-06-24 23:51 |
2014-06-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|