|
257771
|
- |
|
gitlab
|
gitlab
gitlab-shell
|
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
|
NVD-CWE-Other
|
CVE-2013-4546
|
2014-05-15 02:07 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257772
|
- |
|
gitlab
|
gitlab
gitlab-shell
|
Per: http://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2013-4546
|
2014-05-15 02:07 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257773
|
- |
|
monster_menus_module_project
|
monster_menus
|
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4504
|
2014-05-15 01:57 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257774
|
- |
|
feed_element_mapper_project
|
feed_element_mapper
|
Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4503
|
2014-05-15 01:50 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257775
|
- |
|
quiz_module_project
|
quiz
|
The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote attackers to obtain sensitive quiz results via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4501
|
2014-05-15 01:43 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257776
|
- |
|
quiz_module_project
|
quiz
|
The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the dele…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4500
|
2014-05-15 01:36 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257777
|
- |
|
gitlab
|
gitlab
gitlab-shell
|
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands …
|
NVD-CWE-Other
|
CVE-2013-4490
|
2014-05-15 00:49 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257778
|
- |
|
gitlab
|
gitlab
gitlab-shell
|
Per: http://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2013-4490
|
2014-05-15 00:49 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257779
|
- |
|
o-dyn
|
collabtive
|
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.
|
CWE-89
SQL Injection
|
CVE-2014-3246
|
2014-05-15 00:40 |
2014-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257780
|
- |
|
tipsandtricks-hq
|
wordpress_simple_paypal_shopping_cart
|
Cross-site request forgery (CSRF) vulnerability in the WordPress Simple Paypal Shopping Cart plugin before 3.6 for WordPress allows remote attackers to hijack the authentication of administrators for…
|
CWE-352
Origin Validation Error
|
CVE-2013-2705
|
2014-05-15 00:35 |
2014-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
