|
257801
|
- |
|
mark_evans
|
fog-dragonfly
|
Per: http://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2013-5671
|
2014-05-13 21:38 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257802
|
- |
|
gitlab
|
gitlab
gitlab-shell
|
GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH.
|
CWE-94
Code Injection
|
CVE-2013-4581
|
2014-05-13 03:29 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257803
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web s…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4574
|
2014-05-13 01:38 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257804
|
- |
|
mediawiki
|
mediawiki
|
Buffer overflow in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4571
|
2014-05-13 01:32 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257805
|
- |
|
mediawiki
|
mediawiki
|
The zend_inline_hash_func function in php-luasandbox in the Scribuntu extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of…
|
NVD-CWE-Other
|
CVE-2013-4570
|
2014-05-13 01:13 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257806
|
- |
|
mediawiki
|
mediawiki
|
Per: http://cwe.mitre.org/data/definitions/476.html
"CWE-476: NULL Pointer Dereference"
|
NVD-CWE-Other
|
CVE-2013-4570
|
2014-05-13 01:13 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257807
|
- |
|
herry
|
sfpagent
|
lib/sfpagent/bsig.rb in the sfpagent gem before 0.4.15 for Ruby allows remote attackers to execute arbitrary commands via shell metacharacters in the module name in a JSON request.
|
NVD-CWE-Other
|
CVE-2014-2888
|
2014-05-10 13:06 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257808
|
- |
|
herry
|
sfpagent
|
Per: https://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2014-2888
|
2014-05-10 13:06 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257809
|
- |
|
sap
|
netweaver_software_lifecycle_manager
|
The Java Server Pages in the Software Lifecycle Manager (SLM) in SAP NetWeaver allows remote attackers to obtain sensitive information via a crafted request, related to SAP Solution Manager 7.1.
|
CWE-200
Information Exposure
|
CVE-2014-3129
|
2014-05-10 13:06 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
257810
|
- |
|
sap
|
netweaver_abap_application_server
|
The ABAP Help documentation and translation tools (BC-DOC-HLP) in Basis in SAP Netweaver ABAP Application Server does not properly restrict access, which allows local users to gain privileges and exe…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2014-3130
|
2014-05-10 13:06 |
2014-04-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
