258691
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via a -o-link attribu…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6454
|
2014-05-13 23:21 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258692
|
- |
|
mediawiki
|
mediawiki
|
MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 does not properly sanitize SVG files, which allows remote attackers to have unspecified impact via invalid XML.
|
CWE-20
Improper Input Validation
|
CVE-2013-6453
|
2014-05-13 23:01 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258693
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via crafted XSL in an…
|
CWE-79
Cross-site Scripting
|
CVE-2013-6452
|
2014-05-13 22:36 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258694
|
- |
|
microweber
|
microweber
|
Directory traversal vulnerability in userfiles/modules/admin/backup/delete.php in Microweber before 0.830 allows remote attackers to delete arbitrary files via a .. (dot dot) in the file parameter.
|
CWE-22
Path Traversal
|
CVE-2013-5984
|
2014-05-13 22:21 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258695
|
- |
|
simplerisk
|
simplerisk
|
Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project par…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5749
|
2014-05-13 21:59 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258696
|
- |
|
simplerisk
|
simplerisk
|
Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that…
|
CWE-352
Origin Validation Error
|
CVE-2013-5748
|
2014-05-13 21:53 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258697
|
- |
|
mark_evans
|
fog-dragonfly
|
lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors.
|
NVD-CWE-Other
|
CVE-2013-5671
|
2014-05-13 21:38 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258698
|
- |
|
mark_evans
|
fog-dragonfly
|
Per: http://cwe.mitre.org/data/definitions/77.html
"CWE-77: Improper Neutralization of Special Elements used in a Command ('Command Injection')"
|
NVD-CWE-Other
|
CVE-2013-5671
|
2014-05-13 21:38 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258699
|
- |
|
gitlab
|
gitlab gitlab-shell
|
GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH.
|
CWE-94
Code Injection
|
CVE-2013-4581
|
2014-05-13 03:29 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
258700
|
- |
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in the TimeMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web s…
|
CWE-79
Cross-site Scripting
|
CVE-2013-4574
|
2014-05-13 01:38 |
2014-05-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|