258111
|
- |
|
madeofcode
|
omniauth-facebook
|
The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter.
|
CWE-352
Origin Validation Error
|
CVE-2013-4562
|
2014-05-15 02:19 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258112
|
- |
|
gitlab
|
gitlab gitlab-shell
|
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
|
NVD-CWE-Other
|
CVE-2013-4546
|
2014-05-15 02:07 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258113
|
- |
|
gitlab
|
gitlab gitlab-shell
|
Per: http://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2013-4546
|
2014-05-15 02:07 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258114
|
- |
|
monster_menus_module_project
|
monster_menus
|
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4504
|
2014-05-15 01:57 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258115
|
- |
|
feed_element_mapper_project
|
feed_element_mapper
|
Cross-site scripting (XSS) vulnerability in the Feed Element Mapper module for Drupal allows remote authenticated users with the "administer taxonomy" permission to inject arbitrary web script or HTM…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4503
|
2014-05-15 01:50 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258116
|
- |
|
quiz_module_project
|
quiz
|
The default views in the Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote attackers to obtain sensitive quiz results via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4501
|
2014-05-15 01:43 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258117
|
- |
|
quiz_module_project
|
quiz
|
The Quiz module 6.x-4.x before 6.x-4.5 for Drupal allows remote authenticated users with the "view any quiz results" or "view results for own quiz" permission to delete arbitrary results via the dele…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4500
|
2014-05-15 01:36 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258118
|
- |
|
gitlab
|
gitlab gitlab-shell
|
The SSH key upload feature (lib/gitlab_keys.rb) in gitlab-shell before 1.7.3, as used in GitLab 5.0 before 5.4.1 and 6.x before 6.2.3, allows remote authenticated users to execute arbitrary commands …
|
NVD-CWE-Other
|
CVE-2013-4490
|
2014-05-15 00:49 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258119
|
- |
|
gitlab
|
gitlab gitlab-shell
|
Per: http://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2013-4490
|
2014-05-15 00:49 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258120
|
- |
|
o-dyn
|
collabtive
|
SQL injection vulnerability in Collabtive 1.2 allows remote authenticated users to execute arbitrary SQL commands via the folder parameter in a fileview_list action to manageajax.php.
|
CWE-89
SQL Injection
|
CVE-2014-3246
|
2014-05-15 00:40 |
2014-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|