258131
|
- |
|
mediawiki
|
mediawiki
|
Cross-site request forgery (CSRF) vulnerability in Special:CreateCategory in the SemanticForms extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attac…
|
CWE-352
Origin Validation Error
|
CVE-2014-3454
|
2014-05-14 02:53 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258132
|
- |
|
makina-corpus
|
soappy
|
SOAPpy 0.12.5 does not properly detect recursion during entity expansion, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a crafted SOAP request containing…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2014-3243
|
2014-05-14 02:39 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258133
|
- |
|
makina-corpus
|
soappy
|
SOAPpy 0.12.5 allows remote attackers to read arbitrary files via a SOAP request containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (…
|
CWE-200
Information Exposure
|
CVE-2014-3242
|
2014-05-14 02:37 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258134
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to obtain information about deleted page via the (1) log API, (2) enhanced RecentChanges, and (3) user w…
|
CWE-200
Information Exposure
|
CVE-2013-6472
|
2014-05-13 23:43 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258135
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribu…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6454
|
2014-05-13 23:21 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258136
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.
|
CWE-20
Improper Input Validation
|
CVE-2013-6453
|
2014-05-13 23:01 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258137
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6452
|
2014-05-13 22:36 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258138
|
- |
|
microweber
|
microweber
|
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter.
|
CWE-22
Path Traversal
|
CVE-2013-5984
|
2014-05-13 22:21 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258139
|
- |
|
simplerisk
|
simplerisk
|
Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project par…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5749
|
2014-05-13 21:59 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258140
|
- |
|
simplerisk
|
simplerisk
|
Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that…
|
CWE-352
Origin Validation Error
|
CVE-2013-5748
|
2014-05-13 21:53 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|