Search
Find a vulnerability
Search criteria
3 vulnerabilities by idleman
CVE-2013-2629 (GCVE-0-2013-2629)
Vulnerability from cvelistv5 – Published: 2013-12-23 20:00 – Updated: 2024-08-06 15:44
VLAI
Summary
Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/bugtraq/2013/Dec/107 | mailing-listx_refsource_BUGTRAQ |
| http://www.csnc.ch/misc/files/advisories/CSNC-201… | x_refsource_MISC |
Date Public
2013-12-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-09T15:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2629",
"datePublished": "2013-12-23T20:00:00.000Z",
"dateReserved": "2013-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2628 (GCVE-0-2013-2628)
Vulnerability from cvelistv5 – Published: 2013-12-21 00:00 – Updated: 2024-08-06 15:44
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/bugtraq/2013/Dec/107 | mailing-listx_refsource_BUGTRAQ |
| http://www.csnc.ch/misc/files/advisories/CSNC-201… | x_refsource_MISC |
| http://osvdb.org/101154 | vdb-entryx_refsource_OSVDB |
Date Public
2013-12-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101154",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-20T23:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101154",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101154",
"refsource": "OSVDB",
"url": "http://osvdb.org/101154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2628",
"datePublished": "2013-12-21T00:00:00.000Z",
"dateReserved": "2013-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2627 (GCVE-0-2013-2627)
Vulnerability from cvelistv5 – Published: 2013-12-21 00:00 – Updated: 2024-08-06 15:44
VLAI
Summary
SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://seclists.org/bugtraq/2013/Dec/107 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/64426 | vdb-entryx_refsource_BID |
| http://www.csnc.ch/misc/files/advisories/CSNC-201… | x_refsource_MISC |
| http://osvdb.org/101156 | vdb-entryx_refsource_OSVDB |
Date Public
2013-12-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "64426",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64426"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101156",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-20T23:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "64426",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64426"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101156",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "64426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64426"
},
{
"name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101156",
"refsource": "OSVDB",
"url": "http://osvdb.org/101156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2627",
"datePublished": "2013-12-21T00:00:00.000Z",
"dateReserved": "2013-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}