|
257571
|
- |
|
mediawiki
|
mediawiki
|
The CleanChanges extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3, when "Group changes by page in recent changes and watchlist" is enabled, allows remote attacker…
|
CWE-200
Information Exposure
|
CVE-2013-4569
|
2013-12-17 00:54 |
2013-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257572
|
- |
|
mediawiki
|
mediawiki
|
Cross-site request forgery (CSRF) vulnerability in the CentralAuth extension for MediaWiki before 1.19.9, 1.20.x before 1.20.8, and 1.21.x before 1.21.3 allows remote attackers to hijack the authenti…
|
CWE-352
Origin Validation Error
|
CVE-2012-5394
|
2013-12-17 00:24 |
2013-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257573
|
- |
|
instantsoft
|
instantcms
|
SQL injection vulnerability in InstantSoft InstantCMS 1.10.3 and earlier allows remote attackers to execute arbitrary SQL commands via the orderby parameter to catalog/[id].
|
CWE-89
SQL Injection
|
CVE-2013-6839
|
2013-12-17 00:13 |
2013-12-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257574
|
- |
|
fedoraproject
janrain
|
fedora
ruby-openid
|
The ruby-openid gem before 2.2.2 for Ruby allows remote OpenID providers to cause a denial of service (CPU consumption) via (1) a large XRDS document or (2) an XML Entity Expansion (XEE) attack.
|
CWE-399
Resource Management Errors
|
CVE-2013-1812
|
2013-12-14 01:12 |
2013-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257575
|
- |
|
microsoft
|
enhanced_mitigation_experience_toolkit
|
Microsoft Enhanced Mitigation Experience Toolkit (EMET) before 4.0 uses predictable addresses for hooked functions, which makes it easier for context-dependent attackers to defeat the ASLR protection…
|
CWE-200
Information Exposure
|
CVE-2013-6791
|
2013-12-13 14:22 |
2013-11-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257576
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the Space function in Cybozu Garoon before 3.7.0, when Firefox is used, allows remote attackers to inject arbitrary web script or HTML via unspecified vect…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6901
|
2013-12-13 14:22 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257577
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in a mail component in Cybozu Garoon before 3.7.0, when Internet Explorer 6 through 8 is used, allows remote attackers to inject arbitrary web script or HTML …
|
CWE-79
Cross-site Scripting
|
CVE-2013-6906
|
2013-12-13 14:22 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257578
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in a calendar component in Cybozu Garoon before 3.7.2, when Internet Explorer 6 through 9 is used, allows remote authenticated users to inject arbitrary web s…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6912
|
2013-12-13 14:22 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257579
|
- |
|
cybozu
|
garoon
|
Cross-site scripting (XSS) vulnerability in the Yahoo! User Interface Library in Cybozu Garoon before 3.7.2, when Internet Explorer 9 or 10 or Chrome is used, allows remote attackers to inject arbitr…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6916
|
2013-12-13 14:22 |
2013-12-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257580
|
- |
|
nowsms
|
now_sms_\&_mms_gateway
|
The Multimedia Messaging Centre (MMSC) in NowSMS Now SMS & MMS Gateway 2013.09.26 allows remote attackers to cause a denial of service via a malformed message to a MM4 connection.
|
CWE-20
Improper Input Validation
|
CVE-2013-7000
|
2013-12-13 14:22 |
2013-12-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
