8 matches found

NVD
added 2013/12/23 8:55 p.m., 12 views

CVE-2013-2629

Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php...

CVSS 5 | AI score 6.7 | EPSS 0.00397
Exploits: 1 | References: 2
Prion
added 2013/12/23 8:55 p.m., 17 views

Authorization

Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php...

CVSS 5 | AI score 7.3 | EPSS 0.00397
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2013/12/23 8:0 p.m., 21 views

CVE-2013-2629

Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php...

AI score 6.7 | EPSS 0.00397
Exploits: 1 | References: 2
CVE
added 2013/12/23 8:0 p.m., 41 views

CVE-2013-2629

Leed (Light Feed) before 1.5 Stable is affected by CVE-2013-2629 through an authentication bypass in action.php, enabling remote attackers to access functions such as importForm, importFeed, addFavorite, and removeFavorite without proper user verification. The issue is part of a set of vulnerabil...

CVSS 5 | AI score 6.8 | EPSS 0.00397
Exploits: 1 | References: 2 | Affected Software: 1
NVD
added 2013/12/21 12:55 a.m., 13 views

CVE-2013-2628

Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token...

CVSS 6.8 | AI score 7.3 | EPSS 0.00132
Exploits: 2 | References: 3
Prion
added 2013/12/21 12:55 a.m., 11 views

SQL injection

SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action...

CVSS 7.5 | AI score 9 | EPSS 0.00379
Exploits: 2 | References: 4 | Affected Software: 1
Cvelist
added 2013/12/21 12:0 a.m., 18 views

CVE-2013-2628

Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token...

AI score 7.3 | EPSS 0.00132
Exploits: 2 | References: 3
CVE
added 2013/12/21 12:0 a.m., 43 views

CVE-2013-2627

CVE-2013-2627 describes a SQL injection in Leed (Light Feed) through action.php?action=removeFolder&id=... where user input is not properly escaped. The CSNC advisory confirms multiple vulnerabilities in Leed, including this SQL injection, and notes the vendor-provided fix was to upgrade to the l...

CVSS 7.5 | AI score 8.6 | EPSS 0.00379
Exploits: 2 | References: 4 | Affected Software: 1