|
297671
|
- |
|
ibm
|
rational_clearquest
|
Cross-site scripting (XSS) vulnerability in the Web Client in IBM Rational ClearQuest 7.1.x before 7.1.2.10 and 8.x before 8.0.0.6 allows remote attackers to inject arbitrary web script or HTML via a…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5757
|
2024-11-21 10:45 |
2013-03-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297672
|
- |
|
ibm
|
infosphere_information_server
|
The installation process in IBM InfoSphere Information Server 8.1, 8.5, 8.7, and 9.1 on UNIX and Linux sets incorrect permissions and ownerships for unspecified files, which allows local users to byp…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5938
|
2024-11-21 10:45 |
2013-03-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297673
|
- |
|
redhat
|
enterprise_virtualization_manager
|
The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a wor…
|
CWE-255
Credentials Management
|
CVE-2012-6115
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297674
|
- |
|
redhat
|
automatic_bug_reporting_tool
|
abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a syml…
|
CWE-264
CWE-362
Permissions, Privileges, and Access Controls
Race Condition
|
CVE-2012-5660
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297675
|
- |
|
redhat
|
automatic_bug_reporting_tool
|
Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary …
|
NVD-CWE-Other
|
CVE-2012-5659
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297676
|
- |
|
apache
|
cxf
|
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to …
|
CWE-287
Improper Authentication
|
CVE-2012-5633
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297677
|
- |
|
redhat
|
jboss_enterprise_web_platform
jboss_enterprise_application_platform
|
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5629
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297678
|
- |
|
redhat
|
aeolus_conductor
|
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6118
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297679
|
- |
|
redhat
|
cloudforms_cloud_engine
|
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to re…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6117
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297680
|
- |
|
inkscape
|
inkscape
|
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and poss…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6076
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
