19 matches found
EUVD-2013-2566
Malware in sbrugna...
EUVD-2013-2567
Malware in sbrugna...
EUVD-2013-2568
Malware in sbrugna...
[CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Leed Light Feed Vendor: Valentin CARRUESCO aka Idleman CSNC ID: CSNC-2013-005 SQL Injection, CSNC-2013-006 CSRF, CSNC-2013-007 Authentication Bypass CVD ID: CVE-2013-2627 SQL Injection, CVE-2013-2628 CSRF,...
CVE-2013-2629
Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php...
Authorization
Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php...
CVE-2013-2629
Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php...
CVE-2013-2629
Leed (Light Feed) before 1.5 Stable is affected by CVE-2013-2629 through an authentication bypass in action.php, enabling remote attackers to access functions such as importForm, importFeed, addFavorite, and removeFavorite without proper user verification. The issue is part of a set of vulnerabil...
CVE-2013-2628
Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token...
CVE-2013-2627
SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token...
SQL injection
SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action...
Leed Authentication Bypass, SQL Injection, CSRF
COMPASS SECURITY ADVISORY http://www.csnc.ch/en/downloads/advisories.html Product: Leed Light Feed Vendor: Valentin CARRUESCO aka Idleman CSNC ID: CSNC-2013-005 SQL Injection, CSNC-2013-006 CSRF, CSNC-2013-007 Authentication Bypass CVD ID: CVE-2013-2627 SQL Injection, CVE-2013-2628 CSRF,...
CVE-2013-2628
Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token...
CVE-2013-2628
Leed (Light Feed) contains CSRF vulnerabilities in action.php (CVE-2013-2628), likely present before 1.5 Stable. The issue arises from missing anti-CSRF tokens, allowing an attacker to perform actions as a logged-in administrator by inducing the admin to visit a malicious link or site. The CSNC a...
CVE-2013-2627
CVE-2013-2627 describes a SQL injection in Leed (Light Feed) through action.php?action=removeFolder&id=... where user input is not properly escaped. The CSNC advisory confirms multiple vulnerabilities in Leed, including this SQL injection, and notes the vendor-provided fix was to upgrade to the l...
CVE-2013-2627
SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action...
Leed - id SQL Injection
Leed - id SQL Injection source: https://www.securityfocus.com/bid/64426/info Leed is prone to an SQL-injection vulnerability. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...
Leed - 'id' SQL Injection
source: https://www.securityfocus.com/bid/64426/info Leed is prone to an SQL-injection vulnerability. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database...