Search
Find a vulnerability
Search criteria
ⓘ
Use this form to refine search results.
Full-text search supports keyword queries with ranking and filtering.
You can combine vendor, product, and sources to narrow results.
Enable “Apply ordering” to sort by date instead of relevance.
6 vulnerabilities by idleman
CVE-2013-2629 (GCVE-0-2013-2629)
Vulnerability from nvd – Published: 2013-12-23 20:00 – Updated: 2024-08-06 15:44
VLAI
Summary
Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/bugtraq/2013/Dec/107 | mailing-listx_refsource_BUGTRAQ |
| http://www.csnc.ch/misc/files/advisories/CSNC-201… | x_refsource_MISC |
Date Public
2013-12-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-09T15:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2629",
"datePublished": "2013-12-23T20:00:00.000Z",
"dateReserved": "2013-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2628 (GCVE-0-2013-2628)
Vulnerability from nvd – Published: 2013-12-21 00:00 – Updated: 2024-08-06 15:44
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/bugtraq/2013/Dec/107 | mailing-listx_refsource_BUGTRAQ |
| http://www.csnc.ch/misc/files/advisories/CSNC-201… | x_refsource_MISC |
| http://osvdb.org/101154 | vdb-entryx_refsource_OSVDB |
Date Public
2013-12-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101154",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-20T23:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101154",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101154",
"refsource": "OSVDB",
"url": "http://osvdb.org/101154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2628",
"datePublished": "2013-12-21T00:00:00.000Z",
"dateReserved": "2013-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2627 (GCVE-0-2013-2627)
Vulnerability from nvd – Published: 2013-12-21 00:00 – Updated: 2024-08-06 15:44
VLAI
Summary
SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://seclists.org/bugtraq/2013/Dec/107 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/64426 | vdb-entryx_refsource_BID |
| http://www.csnc.ch/misc/files/advisories/CSNC-201… | x_refsource_MISC |
| http://osvdb.org/101156 | vdb-entryx_refsource_OSVDB |
Date Public
2013-12-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "64426",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64426"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101156",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-20T23:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "64426",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64426"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101156",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "64426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64426"
},
{
"name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101156",
"refsource": "OSVDB",
"url": "http://osvdb.org/101156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2627",
"datePublished": "2013-12-21T00:00:00.000Z",
"dateReserved": "2013-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2629 (GCVE-0-2013-2629)
Vulnerability from cvelistv5 – Published: 2013-12-23 20:00 – Updated: 2024-08-06 15:44
VLAI
Summary
Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
2 references
| URL | Tags |
|---|---|
| http://seclists.org/bugtraq/2013/Dec/107 | mailing-listx_refsource_BUGTRAQ |
| http://www.csnc.ch/misc/files/advisories/CSNC-201… | x_refsource_MISC |
Date Public
2013-12-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.651Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-01-09T15:57:00.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2629",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to bypass authorization via vectors related to the (1) importForm, (2) importFeed, (3) addFavorite, or (4) removeFavorite actions in action.php."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2629",
"datePublished": "2013-12-23T20:00:00.000Z",
"dateReserved": "2013-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.651Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2627 (GCVE-0-2013-2627)
Vulnerability from cvelistv5 – Published: 2013-12-21 00:00 – Updated: 2024-08-06 15:44
VLAI
Summary
SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://seclists.org/bugtraq/2013/Dec/107 | mailing-listx_refsource_BUGTRAQ |
| http://www.securityfocus.com/bid/64426 | vdb-entryx_refsource_BID |
| http://www.csnc.ch/misc/files/advisories/CSNC-201… | x_refsource_MISC |
| http://osvdb.org/101156 | vdb-entryx_refsource_OSVDB |
Date Public
2013-12-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.329Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "64426",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/64426"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101156",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101156"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-20T23:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "64426",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/64426"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101156",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101156"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2627",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "SQL injection vulnerability in action.php in Leed (Light Feed), possibly before 1.5 Stable, allows remote attackers to execute arbitrary SQL commands via the id parameter in a removeFolder action."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "64426",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/64426"
},
{
"name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101156",
"refsource": "OSVDB",
"url": "http://osvdb.org/101156"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2627",
"datePublished": "2013-12-21T00:00:00.000Z",
"dateReserved": "2013-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.329Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2013-2628 (GCVE-0-2013-2628)
Vulnerability from cvelistv5 – Published: 2013-12-21 00:00 – Updated: 2024-08-06 15:44
VLAI
Summary
Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
3 references
| URL | Tags |
|---|---|
| http://seclists.org/bugtraq/2013/Dec/107 | mailing-listx_refsource_BUGTRAQ |
| http://www.csnc.ch/misc/files/advisories/CSNC-201… | x_refsource_MISC |
| http://osvdb.org/101154 | vdb-entryx_refsource_OSVDB |
Date Public
2013-12-18 00:00
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T15:44:32.268Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ",
"x_transferred"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101154",
"tags": [
"vdb-entry",
"x_refsource_OSVDB",
"x_transferred"
],
"url": "http://osvdb.org/101154"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2013-12-18T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2013-12-20T23:57:01.000Z",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"tags": [
"mailing-list",
"x_refsource_BUGTRAQ"
],
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101154",
"tags": [
"vdb-entry",
"x_refsource_OSVDB"
],
"url": "http://osvdb.org/101154"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2013-2628",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Multiple cross-site request forgery (CSRF) vulnerabilities in action.php in Leed (Light Feed), possibly before 1.5 Stable, allow remote attackers to hijack the authentication of administrators for unspecified requests, related to the lack of an anti-CSRF token."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "20131218 [CVE-2013-2627, CVE-2013-2628, CVE-2013-2629] Leed (Light Feed) - Multiple vulnerabilities",
"refsource": "BUGTRAQ",
"url": "http://seclists.org/bugtraq/2013/Dec/107"
},
{
"name": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt",
"refsource": "MISC",
"url": "http://www.csnc.ch/misc/files/advisories/CSNC-2013-005-006-007_Leed_Multiple_vulns.txt"
},
{
"name": "101154",
"refsource": "OSVDB",
"url": "http://osvdb.org/101154"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2013-2628",
"datePublished": "2013-12-21T00:00:00.000Z",
"dateReserved": "2013-03-19T00:00:00.000Z",
"dateUpdated": "2024-08-06T15:44:32.268Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}