|
293311
|
- |
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4394
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293312
|
- |
|
owncloud
|
owncloud
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (…
|
CWE-352
Origin Validation Error
|
CVE-2012-4393
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293313
|
- |
|
owncloud
|
owncloud
|
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.
|
CWE-287
Improper Authentication
|
CVE-2012-4392
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293314
|
- |
|
owncloud
|
owncloud
|
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the a…
|
CWE-352
Origin Validation Error
|
CVE-2012-4391
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293315
|
- |
|
owncloud
|
owncloud
|
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2012-4390
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293316
|
- |
|
owncloud
|
owncloud
|
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and access…
|
NVD-CWE-Other
|
CVE-2012-4389
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293317
|
- |
|
apache
|
struts
|
Apache Struts 2.0.0 through 2.3.4 allows remote attackers to cause a denial of service (CPU consumption) via a long parameter name, which is processed as an OGNL expression.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4387
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293318
|
- |
|
apache
|
struts
|
The token check mechanism in Apache Struts 2.0.0 through 2.3.4 does not properly validate the token name configuration parameter, which allows remote attackers to perform cross-site request forgery (…
|
CWE-352
Origin Validation Error
|
CVE-2012-4386
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293319
|
- |
|
adobe
|
adobe_air_sdk
adobe_air
flash_player_for_android
flash_player
|
Adobe Flash Player before 10.3.183.23 and 11.x before 11.4.402.265 on Windows and Mac OS X, before 10.3.183.23 and 11.x before 11.2.202.238 on Linux, before 11.1.111.16 on Android 2.x and 3.x, and be…
|
NVD-CWE-noinfo
|
CVE-2012-4171
|
2024-11-21 10:42 |
2012-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293320
|
- |
|
gimp
|
gimp
|
The scriptfu network server in GIMP 2.6 does not require authentication, which allows remote attackers to execute arbitrary commands via the python-fu-eval command.
|
CWE-862
Missing Authorization
|
CVE-2012-4245
|
2024-11-21 10:42 |
2012-09-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
