|
259971
|
- |
|
mediawiki
|
mediawiki
|
Unrestricted file upload vulnerability in the chunk upload API in MediaWiki 1.19 through 1.19.6 and 1.20.x before 1.20.6 allows remote attackers to execute arbitrary code by uploading a file with an …
|
NVD-CWE-Other
|
CVE-2013-2114
|
2013-11-22 02:32 |
2013-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259972
|
- |
|
mediawiki
|
mediawiki
|
CWE-434: Unrestricted Upload of File with Dangerous Type per http://cwe.mitre.org/data/definitions/434.html
|
NVD-CWE-Other
|
CVE-2013-2114
|
2013-11-22 02:32 |
2013-11-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259973
|
- |
|
gnu
|
gnutls
|
Buffer overflow in the dane_query_tlsa function in the DANE library (libdane) in GnuTLS 3.1.x before 3.1.15 and 3.2.x before 3.2.5 allows remote servers to cause a denial of service (memory corruptio…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-4466
|
2013-11-22 02:06 |
2013-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259974
|
- |
|
lockon
|
ec-cube
|
data/class/helper/SC_Helper_Address.php in the front-features implementation in LOCKON EC-CUBE 2.12.3 through 2.13.0 allows remote authenticated users to obtain sensitive information via unspecified …
|
CWE-200
Information Exposure
|
CVE-2013-5995
|
2013-11-21 23:58 |
2013-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259975
|
- |
|
lockon
|
ec-cube
|
Per: http://jvndb.jvn.jp/en/contents/2013/JVNDB-2013-000106.html
"User's information may be obtained or altered by other user who visits the shopping site"
|
CWE-200
Information Exposure
|
CVE-2013-5995
|
2013-11-21 23:58 |
2013-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259976
|
- |
|
lockon
|
ec-cube
|
Multiple cross-site scripting (XSS) vulnerabilities in shopping/payment.tpl components in LOCKON EC-CUBE 2.11.0 through 2.13.0 allow remote attackers to inject arbitrary web script or HTML via crafte…
|
CWE-79
Cross-site Scripting
|
CVE-2013-5996
|
2013-11-21 23:58 |
2013-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259977
|
- |
|
pineapp
|
mail-secure
|
Absolute path traversal vulnerability in admin/viewmsg.php in PineApp Mail-SeCure allows remote attackers to read arbitrary files via a full pathname in the msg parameter.
|
CWE-22
Path Traversal
|
CVE-2013-6827
|
2013-11-21 23:46 |
2013-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259978
|
- |
|
pineapp
|
mail-secure
|
admin/management.html in PineApp Mail-SeCure allows remote attackers to bypass authentication and perform a sys_usermng operation via the it parameter.
|
CWE-287
Improper Authentication
|
CVE-2013-6828
|
2013-11-21 23:45 |
2013-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259979
|
- |
|
pineapp
|
mail-secure
|
admin/confnetworking.html in PineApp Mail-SeCure allows remote attackers to execute arbitrary commands via shell metacharacters in the pinghost parameter during a ping operation.
|
CWE-94
Code Injection
|
CVE-2013-6829
|
2013-11-21 23:45 |
2013-11-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
259980
|
- |
|
lockon
|
ec-cube
|
The displaySystemError function in html/handle_error.php in LOCKON EC-CUBE 2.11.0 through 2.11.5 allows remote attackers to obtain sensitive information by leveraging incorrect handling of error-log …
|
CWE-200
Information Exposure
|
CVE-2013-5991
|
2013-11-21 23:36 |
2013-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
