| 258331 | - | kasseler-cms | kasseler-cms | Multiple cross-site request forgery (CSRF) vulnerabilities in Kasseler CMS before 2 r1232 allow remote attackers to hijack the authentication of administrators for requests that conduct SQL injection… | CWE-352 Origin Validation Error | CVE-2013-3729 | 2014-03-14 02:42 | 2014-03-13 |
| 258332 | - | zldnn | dnnarticle | SQL injection vulnerability in the RSS page (DNNArticleRSS.aspx) in the ZLDNN DNNArticle module before 10.1 for DotNetNuke allows remote attackers to execute arbitrary SQL commands via the categoryid… | CWE-89 SQL Injection | CVE-2013-5117 | 2014-03-14 01:06 | 2014-03-12 |
| 258333 | - | dotnetnuke | dotnetnuke | Open redirect vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via unspecified vectors. | CWE-20 Improper Input Validation | CVE-2013-7335 | 2014-03-14 00:56 | 2014-03-12 |
| 258334 | - | dotnetnuke | dotnetnuke | Cross-site scripting (XSS) vulnerability in DotNetNuke (DNN) before 6.2.9 and 7.x before 7.1.1 allows remote authenticated users to inject arbitrary web script or HTML via vectors related to the Disp… | CWE-79 Cross-site Scripting | CVE-2013-3943 | 2014-03-14 00:24 | 2014-03-12 |
| 258335 | - | raoul_proenca | gnew | Directory traversal vulnerability in users/login.php in Gnew 2013.1 and earlier allows remote attackers to read arbitrary files via a .. (dot dot) in the gnew_language cookie. | CWE-22 Path Traversal | CVE-2013-5639 | 2014-03-13 03:03 | 2014-03-12 |
| 258336 | - | raoul_proenca | gnew | CVE-2013-5639 CVSS assessment per LFI: https://www.htbridge.com/advisory/HTB23171 "1) PHP File Inclusion in Gnew: CVE-2013-5639 Vulnerability exists due to insufficient validation of user-supplie… | CWE-22 Path Traversal | CVE-2013-5639 | 2014-03-13 03:03 | 2014-03-12 |
| 258337 | - | plone | plone | (1) cb_decode.py and (2) linkintegrity.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allow remote authenticated users to cause a denial of service (resource consumption) v… | CWE-20 Improper Input Validation | CVE-2013-4199 | 2014-03-12 10:48 | 2014-03-12 |
| 258338 | - | plone | plone | mail_password.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to bypass the prohibition on password changes via the forgotten password emai… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-4198 | 2014-03-12 10:44 | 2014-03-12 |
| 258339 | - | plone | plone | member_portrait.py in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 allows remote authenticated users to modify or delete portraits of other users via unspecified vectors. | CWE-20 Improper Input Validation | CVE-2013-4197 | 2014-03-12 10:40 | 2014-03-12 |
| 258340 | - | plone | plone | The object manager implementation (objectmanager.py) in Plone 2.1 through 4.1, 4.2.x through 4.2.5, and 4.3.x through 4.3.1 does not properly restrict access to internal methods, which allows remote … | CWE-264 Permissions, Privileges, and Access Controls | CVE-2013-4196 | 2014-03-12 10:37 | 2014-03-12 |