|
297931
|
- |
|
bestpractical
|
rt
|
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to conduct a "confused deputy" attack to bypass the CSRF warning protection mechanism and cause victims to "mod…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4734
|
2024-11-21 10:43 |
2012-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297932
|
- |
|
bestpractical
|
rt
|
Cross-site request forgery (CSRF) vulnerability in Request Tracker (RT) 3.8.12 and other versions before 3.8.15, and 4.0.6 and other versions before 4.0.8, allows remote attackers to hijack the authe…
|
CWE-352
Origin Validation Error
|
CVE-2012-4732
|
2024-11-21 10:43 |
2012-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297933
|
- |
|
bestpractical
|
rtfm
|
FAQ manager for Request Tracker (RTFM) before 2.4.5 does not properly check user rights, which allows remote authenticated users to create arbitrary articles in arbitrary classes via unknown vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4731
|
2024-11-21 10:43 |
2012-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297934
|
- |
|
bestpractical
|
rt
|
Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote authenticated users with ModifySelf or AdminUser privileges to inject arbitrary email headers and conduct phishing attack…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4730
|
2024-11-21 10:43 |
2012-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297935
|
- |
|
openstack
|
image_registry_and_delivery_service_\(glance\)
essex
folsom
|
The v1 API in OpenStack Glance Grizzly, Folsom (2012.2), and Essex (2012.1) allows remote authenticated users to delete arbitrary non-protected images via an image deletion request, a different vulne…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4573
|
2024-11-21 10:43 |
2012-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297936
|
- |
|
libtiff
debian
canonical
redhat
opensuse
|
libtiff
debian_linux
ubuntu_linux
enterprise_linux_server
enterprise_linux_workstation
enterprise_linux_desktop
enterprise_linux_eus
opensuse
|
ppm2tiff does not check the return value of the TIFFScanlineSize function, which allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a crafted PPM ima…
|
NVD-CWE-Other
|
CVE-2012-4564
|
2024-11-21 10:43 |
2012-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297937
|
- |
|
drupal
|
drupal
|
The OpenID module in Drupal 7.x before 7.16 allows remote OpenID servers to read arbitrary files via a crafted DOCTYPE declaration in an XRDS file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4554
|
2024-11-21 10:43 |
2012-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297938
|
- |
|
drupal
|
drupal
|
Drupal 7.x before 7.16 allows remote attackers to obtain sensitive information and possibly re-install Drupal and execute arbitrary PHP code via an external database server, related to "transient con…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4553
|
2024-11-21 10:43 |
2012-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297939
|
- |
|
lars_hjemli
|
cgit
|
Argument injection vulnerability in syntax-highlighting.sh in cgit 9.0.3 and earlier allows remote authenticated users with permissions to add files to execute arbitrary commands via the --plug-in ar…
|
NVD-CWE-Other
|
CVE-2012-4548
|
2024-11-21 10:43 |
2012-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297940
|
- |
|
opensuse
redhat
|
opensuse
icedtea-web
|
Off-by-one error in the invoke function in IcedTeaScriptablePluginObject.cc in IcedTea-Web 1.1.x before 1.1.7, 1.2.x before 1.2.2, 1.3.x before 1.3.1, and 1.4.x before 1.4.1 allows remote attackers t…
|
CWE-189
Numeric Errors
|
CVE-2012-4540
|
2024-11-21 10:43 |
2012-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
