|
297951
|
7.5 |
HIGH
Network
|
squirrelmail
|
change_passwd
|
Squirrelmail 4.0 uses the outdated MD5 hash algorithm for passwords.
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2012-5623
|
2024-11-21 10:44 |
2020-02-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297952
|
4.3 |
MEDIUM
Network
|
basic_webmail_project
|
basic_webmail
|
The Basic webmail module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with the "access basic_webmail" permission to read arbitrary users' email addresses.
|
CWE-200
Information Exposure
|
CVE-2012-5570
|
2024-11-21 10:44 |
2020-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297953
|
9.8 |
CRITICAL
Network
|
ushahidi
|
ushahidi
|
Ushahidi before 2.6.1 has insufficient entropy for forgot-password tokens.
|
CWE-640
Weak Password Recovery Mechanism for Forgotten Password
|
CVE-2012-5618
|
2024-11-21 10:44 |
2020-02-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297954
|
7.5 |
HIGH
Network
|
dart
|
powertcp_webserver_for_activex
|
NULL Pointer Dereference in PowerTCP WebServer for ActiveX 1.9.2 and earlier allows remote attackers to cause a denial of service (application crash) via a crafted HTTP request.
|
CWE-476
NULL Pointer Dereference
|
CVE-2012-5389
|
2024-11-21 10:44 |
2020-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297955
|
7.8 |
HIGH
Local
|
sumatrapdfreader
artifex
|
sumatrapdf
mupdf
|
SumatraPDF 2.1.1/MuPDF 1.0 allows remote attackers to cause an Integer Overflow in the lex_number() function via a corrupt PDF file.
|
CWE-190
Integer Overflow or Wraparound
|
CVE-2012-5340
|
2024-11-21 10:44 |
2020-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297956
|
7.5 |
HIGH
Network
|
redhat
|
jboss_operations_network
jboss_enterprise_web_server
jboss_enterprise_application_platform
jboss_brms
jboss_soa_platform
jboss_portal
|
EJB method in Red Hat JBoss BRMS 5; Red Hat JBoss Enterprise Application Platform 5; Red Hat JBoss Operations Network 3.1; Red Hat JBoss Portal 4 and 5; Red Hat JBoss SOA Platform 4.2, 4.3, and 5; in…
|
NVD-CWE-noinfo
|
CVE-2012-5626
|
2024-11-21 10:44 |
2020-01-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297957
|
9.8 |
CRITICAL
Network
|
accusoft
|
prizm_content_connect
|
Prizm Content Connect 5.1 has an Arbitrary File Upload Vulnerability
|
CWE-434
Unrestricted Upload of File with Dangerous Type
|
CVE-2012-5190
|
2024-11-21 10:44 |
2020-01-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297958
|
4.8 |
MEDIUM
Network
|
smileys_project
smiley_project
|
smileys
smiley
|
Cross-site scripting (XSS) vulnerability in the Smiley module 6.x-1.x versions prior to 6.x-1.1 and Smileys module 6.x-1.x versions prior to 6.x-1.1 for Drupal allows remote authenticated users with …
|
CWE-79
Cross-site Scripting
|
CVE-2012-5558
|
2024-11-21 10:44 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297959
|
5.5 |
MEDIUM
Local
|
openstack
debian
|
horizon
debian_linux
|
Within the RHOS Essex Preview (2012.2) of the OpenStack dashboard package, the file /etc/quantum/quantum.conf is world readable which exposes the admin password and token value.
|
CWE-200
Information Exposure
|
CVE-2012-5476
|
2024-11-21 10:44 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297960
|
5.5 |
MEDIUM
Local
|
redhat
openstack
debian
fedoraproject
|
openstack
horizon
debian_linux
fedora
|
The file /etc/openstack-dashboard/local_settings within Red Hat OpenStack Platform 2.0 and RHOS Essex Release (python-django-horizon package before 2012.1.1) is world readable and exposes the secret …
|
CWE-311
Missing Encryption of Sensitive Data
|
CVE-2012-5474
|
2024-11-21 10:44 |
2019-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
