|
294201
|
6.5 |
MEDIUM
Network
|
trilexnet
debian
|
letodms
debian_linux
|
letodms 3.3.6 has CSRF via change password
|
CWE-352
Origin Validation Error
|
CVE-2012-4385
|
2024-11-21 10:42 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294202
|
6.1 |
MEDIUM
Network
|
trilexnet
debian
|
letodms
debian_linux
|
letodms has multiple XSS issues: Reflected XSS in Login Page, Stored XSS in Document Owner/User name, Stored XSS in Calendar
|
CWE-79
Cross-site Scripting
|
CVE-2012-4384
|
2024-11-21 10:42 |
2019-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294203
|
9.8 |
CRITICAL
Network
|
apache
|
hadoop
|
Apache Hadoop before 0.23.4, 1.x before 1.0.4, and 2.x before 2.0.2 generate token passwords using a 20-bit secret when Kerberos security features are enabled, which makes it easier for context-depen…
|
CWE-327
Use of a Broken or Risky Cryptographic Algorithm
|
CVE-2012-4449
|
2024-11-21 10:42 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294204
|
6.1 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
Multiple cross-site scripting (XSS) vulnerabilities in MediaWiki before 1.18.5 and 1.19.x before 1.19.2, when unspecified JavaScript gadgets are used, allow remote attackers to inject arbitrary web s…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4378
|
2024-11-21 10:42 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294205
|
6.1 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
Cross-site scripting (XSS) vulnerability in MediaWiki before 1.18.5 and 1.19.x before 1.19.2 allows remote attackers to inject arbitrary web script or HTML via a File: link to a nonexistent image.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4377
|
2024-11-21 10:42 |
2017-10-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294206
|
4.9 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not properly protect user block metadata, which allows remote administrators to read a user block reason via a reblock attempt.
|
CWE-200
Information Exposure
|
CVE-2012-4382
|
2024-11-21 10:42 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294207
|
7.5 |
HIGH
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 allows remote attackers to bypass GlobalBlocking extension IP address blocking and create an account via unspecified vectors.
|
CWE-284
Improper Access Control
|
CVE-2012-4380
|
2024-11-21 10:42 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294208
|
6.5 |
MEDIUM
Network
|
mediawiki
|
mediawiki
|
MediaWiki before 1.18.5, and 1.19.x before 1.19.2 does not send a restrictive X-Frame-Options HTTP header, which allows remote attackers to conduct clickjacking attacks via an embedded API response i…
|
CWE-284
Improper Access Control
|
CVE-2012-4379
|
2024-11-21 10:42 |
2017-10-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294209
|
- |
|
group-office
|
groupoffice
|
SQL injection vulnerability in modules/calendar/json.php in Group-Office community before 4.0.90 allows remote authenticated users to execute arbitrary SQL commands via the sort parameter.
|
CWE-89
SQL Injection
|
CVE-2012-4240
|
2024-11-21 10:42 |
2014-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294210
|
- |
|
phorum
|
phorum
|
Cross-site scripting (XSS) vulnerability in the group moderation screen in the control center (control.php) in Phorum before 5.2.19 allows remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2012-4234
|
2024-11-21 10:42 |
2014-09-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
