|
295041
|
- |
|
debian
mahara
|
debian_linux
mahara
|
The default configuration of the auth/saml plugin in Mahara before 1.4.2 sets the "Match username attribute to Remote username" option to false, which allows remote SAML IdP servers to spoof users of…
|
CWE-287
CWE-16
CWE-284
Improper Authentication
Configuration
Improper Access Control
|
CVE-2012-2351
|
2024-11-21 10:38 |
2012-07-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295042
|
- |
|
hp
|
operations_agent
|
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1326.
|
NVD-CWE-noinfo
|
CVE-2012-2020
|
2024-11-21 10:38 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295043
|
- |
|
hp
|
operations_agent
|
Unspecified vulnerability in HP Operations Agent before 11.03.12 allows remote attackers to execute arbitrary code via unknown vectors, aka ZDI-CAN-1325.
|
NVD-CWE-noinfo
|
CVE-2012-2019
|
2024-11-21 10:38 |
2012-07-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295044
|
- |
|
apache
|
org.apache.sling.servlets.post
|
The @CopyFrom operation in the POST servlet in the org.apache.sling.servlets.post bundle before 2.1.2 in Apache Sling does not prevent attempts to copy an ancestor node to a descendant node, which al…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2138
|
2024-11-21 10:38 |
2012-07-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295045
|
- |
|
php
|
php
|
Integer overflow in the phar_parse_tarfile function in tar.c in the phar extension in PHP before 5.3.14 and 5.4.x before 5.4.4 allows remote attackers to cause a denial of service (application crash)…
|
CWE-189
Numeric Errors
|
CVE-2012-2386
|
2024-11-21 10:38 |
2012-07-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295046
|
- |
|
hp
|
network_node_manager_i
|
Cross-site scripting (XSS) vulnerability in HP Network Node Manager i (NNMi) 8.x, 9.0x, and 9.1x allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2012-2018
|
2024-11-21 10:38 |
2012-07-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295047
|
- |
|
rsa
|
access_manager_server
access_manager_agent
|
EMC RSA Access Manager Server 6.x before 6.1 SP4 and RSA Access Manager Agent do not properly validate session tokens after a logout, which might allow remote attackers to conduct replay attacks via …
|
CWE-287
Improper Authentication
|
CVE-2012-2281
|
2024-11-21 10:38 |
2012-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295048
|
- |
|
postgresql
freebsd
php
debian
|
postgresql
freebsd
php
debian_linux
|
The crypt_des (aka DES-based crypt) function in FreeBSD before 9.0-RELEASE-p2, as used in PHP, PostgreSQL, and other products, does not process the complete cleartext password if this password contai…
|
CWE-310
Cryptographic Issues
|
CVE-2012-2143
|
2024-11-21 10:38 |
2012-07-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295049
|
- |
|
fedoraproject
|
anaconda
|
The bootloader configuration module (pyanaconda/bootloader.py) in Anaconda uses 755 permissions for /etc/grub.d, which allows local users to obtain password hashes and conduct brute force password gu…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2314
|
2024-11-21 10:38 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295050
|
- |
|
ibm
|
websphere_portal
|
Directory traversal vulnerability in the Dojo module in IBM WebSphere Portal 7.0.0.1 and 7.0.0.2 before CF14, and 8.0, allows remote attackers to read arbitrary files via a crafted URL.
|
CWE-22
Path Traversal
|
CVE-2012-2181
|
2024-11-21 10:38 |
2012-07-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
