258661
|
- |
|
nathan_haug
|
filefield_sources
|
The FileField Sources module 6.x-1.x before 6.x-1.9 and 7.x-1.x before 7.x-1.9 for Drupal does not properly check file permissions, which allows remote authenticated users to read arbitrary files by …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4502
|
2014-05-15 03:34 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258662
|
- |
|
oracle
|
openjdk
|
Unspecified vulnerability in OpenJDK 6 before 6b31 on Debian GNU/Linux and Ubuntu 12.04 LTS and 10.04 LTS has unknown impact and attack vectors, a different vulnerability than CVE-2014-2405.
|
NVD-CWE-noinfo
|
CVE-2014-0462
|
2014-05-15 03:30 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258663
|
- |
|
openvpn
|
openvpn_access_server
|
Cross-site request forgery (CSRF) vulnerability in the Admin web interface in OpenVPN Access Server before 1.8.5 allows remote attackers to hijack the authentication of administrators for requests th…
|
CWE-352
Origin Validation Error
|
CVE-2013-2692
|
2014-05-15 03:04 |
2014-05-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258664
|
- |
|
drupalauth_project
|
drupalauth
|
lib/Auth/Source/External.php in the drupalauth module before 1.2.2 for simpleSAMLphp allows remote attackers to authenticate as an arbitrary user via the user name (uid) in a cookie.
|
CWE-287
Improper Authentication
|
CVE-2013-4552
|
2014-05-15 03:00 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258665
|
- |
|
canonical
|
software-properties ubuntu_linux
|
ppa.py in Software Properties before 0.81.13.3 does not validate the server certificate when downloading PPA GPG key fingerprints, which allows man-in-the-middle (MITM) attackers to spoof GPG keys fo…
|
CWE-20
Improper Input Validation
|
CVE-2011-4407
|
2014-05-15 02:57 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258666
|
- |
|
gitlab
|
gitlab
|
Cross-site scripting (XSS) vulnerability in GitLab Enterprise Edition (EE) 6.6.0 before 6.6.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2014-3456
|
2014-05-15 02:49 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258667
|
- |
|
madeofcode
|
omniauth-facebook
|
The omniauth-facebook gem 1.4.1 before 1.5.0 does not properly store the session parameter, which allows remote attackers to conduct cross-site request forgery (CSRF) attacks via the state parameter.
|
CWE-352
Origin Validation Error
|
CVE-2013-4562
|
2014-05-15 02:19 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258668
|
- |
|
gitlab
|
gitlab gitlab-shell
|
The repository import feature in gitlab-shell before 1.7.4, as used in GitLab, allows remote authenticated users to execute arbitrary commands via the import URL.
|
NVD-CWE-Other
|
CVE-2013-4546
|
2014-05-15 02:07 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258669
|
- |
|
gitlab
|
gitlab gitlab-shell
|
Per: http://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2013-4546
|
2014-05-15 02:07 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258670
|
- |
|
monster_menus_module_project
|
monster_menus
|
The Monster Menus module 7.x-1.x before 7.x-1.15 allows remote attackers to read arbitrary node comments via a crafted URL.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-4504
|
2014-05-15 01:57 |
2014-05-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|