|
293961
|
- |
|
ibm
|
lotus_notes
|
IBM Lotus Notes 8.5.x before 8.5.3 FP3 does not include the HTTPOnly flag in a Set-Cookie header for a web-application cookie, which makes it easier for remote attackers to obtain potentially sensiti…
|
CWE-200
Information Exposure
|
CVE-2012-4846
|
2024-11-21 10:43 |
2012-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293962
|
- |
|
apache
|
tomcat
|
org/apache/tomcat/util/net/NioEndpoint.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.28, when the NIO connector is used in conjunction with sendfile and HTTPS, allows remote attackers to…
|
CWE-399
Resource Management Errors
|
CVE-2012-4534
|
2024-11-21 10:43 |
2012-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293963
|
- |
|
tropos
|
mesh_os
1310_distrubution_automation_mesh_router
1410_mesh_router
1410_wireless_mesh_router
3310_indoor_mesh_router
3320_indoor_mesh_router
4310_mobile_mesh_router
6310_mesh_rout…
|
Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a cl…
|
CWE-310
Cryptographic Issues
|
CVE-2012-4898
|
2024-11-21 10:43 |
2012-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293964
|
- |
|
invensys
siemens
|
wonderware_intouch
processsuite
|
Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by re…
|
CWE-310
Cryptographic Issues
|
CVE-2012-4693
|
2024-11-21 10:43 |
2012-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293965
|
- |
|
siemens
|
automation_license_manager
|
Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets.
|
CWE-399
Resource Management Errors
|
CVE-2012-4691
|
2024-11-21 10:43 |
2012-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293966
|
- |
|
axway
|
securetransport
|
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a…
|
CWE-22
Path Traversal
|
CVE-2012-4991
|
2024-11-21 10:43 |
2012-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293967
|
- |
|
layton_technology
|
helpbox
|
Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network.
|
CWE-310
Cryptographic Issues
|
CVE-2012-4977
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293968
|
- |
|
layton_technology
|
helpbox
|
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an er…
|
CWE-200
Information Exposure
|
CVE-2012-4976
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293969
|
- |
|
layton_technology
|
helpbox
|
editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4975
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293970
|
- |
|
laytontechnology
|
helpbox
|
Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) logg…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4974
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
