Search criteria
3 vulnerabilities by idleman
CVE-2013-2629 (GCVE-0-2013-2629)
Vulnerability from cvelistv5 – Published: 2013-12-23 20:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-09T15:57:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2629",
"datePublished": "2013-12-23T20:00:00",
"dateReserved": "2013-03-19T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2627 (GCVE-0-2013-2627)
Vulnerability from cvelistv5 – Published: 2013-12-21 00:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | |||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
||||||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "64426",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64426"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101156",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-20T23:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "64426",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64426"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101156",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "64426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64426"
},
{
"name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101156",
"refsource": "OSVDB",
"url": "http://osvdb.org/101156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2627",
"datePublished": "2013-12-21T00:00:00",
"dateReserved": "2013-03-19T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2628 (GCVE-0-2013-2628)
Vulnerability from cvelistv5 – Published: 2013-12-21 00:00 – Updated: 2024-08-06 15:44
VLAI?
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token.
Severity ?
No CVSS data available.
CWE
- n/a
Assigner
References
| URL | Tags | ||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|
|
|||||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101154",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-20T23:57:01",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101154",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101154",
"refsource": "OSVDB",
"url": "http://osvdb.org/101154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2628",
"datePublished": "2013-12-21T00:00:00",
"dateReserved": "2013-03-19T00:00:00",
"dateUpdated": "2024-08-06T15:44:32.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}