Vulnerabilities
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2014-05-12 | CVE-2013-5749 | Cross-Site Scripting vulnerability in Simplerisk 20130915001: Cross-site scripting (XSS) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to inject arbitrary web script or HTML via the new_project parameter. | 4.3 |
2014-05-12 | CVE-2013-5748 | Cross-Site Request Forgery (CSRF) vulnerability in Simplerisk 20130915001: Cross-site request forgery (CSRF) vulnerability in management/prioritize_planning.php in SimpleRisk before 20130916-001 allows remote attackers to hijack the authentication of users for requests that add projects via an add_project action. | 6.8 |
2014-05-12 | CVE-2013-5671 | Unspecified vulnerability in Mark Evans Fog-Dragonfly 0.8.2: lib/dragonfly/imagemagickutils.rb in the fog-dragonfly gem 0.8.2 for Ruby allows remote attackers to execute arbitrary commands via unspecified vectors. | 7.5 |
2014-05-12 | CVE-2013-4581 | Code Injection vulnerability in Gitlab and Gitlab-Shell: GitLab 5.0 before 5.4.2, Community Edition before 6.2.4, Enterprise Edition before 6.2.1 and gitlab-shell before 1.7.8 allows remote attackers to execute arbitrary code via a crafted change using SSH. | 6.8 |
2014-05-12 | CVE-2013-4580 | Improper Authentication vulnerability in Gitlab: GitLab before 5.4.2, Community Edition before 6.2.4, and Enterprise Edition before 6.2.1, when using a MySQL backend, allows remote attackers to impersonate arbitrary users and bypass authentication via unspecified API calls. | 6.8 |
2014-05-12 | CVE-2013-4574 | Cross-Site Scripting vulnerability in Mediawiki: Cross-site scripting (XSS) vulnerability in the TimedMediaHandler extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to inject arbitrary web script or HTML via vectors related to videos. | 4.3 |
2014-05-12 | CVE-2013-4571 | Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Mediawiki: Buffer overflow in php-luasandbox in the Scribunto extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 has unspecified impact and remote vectors. | 7.5 |
2014-05-12 | CVE-2013-4570 | Unspecified vulnerability in Mediawiki: The zend_inline_hash_func function in php-luasandbox in the Scribunto extension for MediaWiki before 1.19.10, 1.2x before 1.21.4, and 1.22.x before 1.22.1 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via vectors related to converting Lua data structures to PHP, as demonstrated by passing { [{}] = 1 } to a module function. | 5.0 |
2014-05-10 | CVE-2014-2603 | Unspecified vulnerability in HP products: Unspecified vulnerability on HP 8/20q switches, SN6000 switches, and 8Gb Simple SAN Connection Kit with firmware before 8.0.14.08.00 allows remote authenticated users to obtain sensitive information via unknown vectors. | 1.7 |
2014-05-10 | CVE-2013-6220 | Cross-Site Scripting vulnerability in HP Network Node Manager I 9.0/9.10/9.20: Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 9.0, 9.10, and 9.20 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | 4.3 |