|
293031
|
- |
|
achievo
|
achievo
|
Cross-site scripting (XSS) vulnerability in include.php in Achievo 1.4.5 allows remote attackers to inject arbitrary web script or HTML via the field parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-5866
|
2024-11-21 10:45 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293032
|
- |
|
achievo
|
achievo
|
SQL injection vulnerability in dispatch.php in Achievo 1.4.5 allows remote authenticated users to execute arbitrary SQL commands via the activityid parameter in a stats action.
|
CWE-89
SQL Injection
|
CVE-2012-5865
|
2024-11-21 10:45 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293033
|
- |
|
dotproject
|
dotproject
|
Multiple SQL injection vulnerabilities in dotProject before 2.1.7 allow remote authenticated administrators to execute arbitrary SQL commands via the (1) search_string or (2) where parameter in a con…
|
CWE-352
CWE-89
Origin Validation Error
SQL Injection
|
CVE-2012-5701
|
2024-11-21 10:45 |
2014-10-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293034
|
- |
|
bcron_project
|
bcron_exec
|
bcron-exec in bcron before 0.10 does not close file descriptors associated with temporary files when running a cron job, which allows local users to modify job files and send spam messages by accessi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6110
|
2024-11-21 10:45 |
2014-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293035
|
- |
|
apache
|
apache_axis2\/c
|
Apache Axis2/C does not verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attack…
|
CWE-310
Cryptographic Issues
|
CVE-2012-6107
|
2024-11-21 10:45 |
2014-09-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293036
|
- |
|
babygekko
|
baby_gekko
|
Multiple cross-site scripting (XSS) vulnerabilities in Baby Gekko before 1.2.2f allow remote attackers to inject arbitrary web script or HTML via the (1) id parameter to admin/index.php or the (2) us…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5700
|
2024-11-21 10:45 |
2014-09-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293037
|
- |
|
apache
|
commons-httpclient
|
http/conn/ssl/AbstractVerifier.java in Apache Commons HttpClient before 4.2.3 does not properly verify that the server hostname matches a domain name in the subject's Common Name (CN) or subjectAltNa…
|
CWE-20
Improper Input Validation
|
CVE-2012-6153
|
2024-11-21 10:45 |
2014-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293038
|
- |
|
zpanelcp
|
zpanel
|
SQL injection vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to execute arbitrary SQL commands via the inEmailAddress parameter in an UpdateClient action in the manage_clients mod…
|
CWE-89
SQL Injection
|
CVE-2012-5685
|
2024-11-21 10:45 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293039
|
- |
|
zpanelcp
|
zpanel
|
Cross-site scripting (XSS) vulnerability in ZPanel 10.0.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the inFullname parameter in an UpdateAccountSettings action in…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5684
|
2024-11-21 10:45 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293040
|
- |
|
zpanelcp
|
zpanel
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ZPanel 10.0.1 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) create new FTP user…
|
CWE-352
Origin Validation Error
|
CVE-2012-5683
|
2024-11-21 10:45 |
2014-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
