|
296431
|
- |
|
tony_freixas
|
ubercart_product_keys
|
The Ubercart Product Keys module 6.x-1.x before 6.x-1.1 for Drupal does not properly check access for product keys, which allows remote attackers to read all unassigned product keys via certain condi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2702
|
2024-11-21 10:39 |
2012-06-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296432
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
The Active Record component in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly implement the passing of request data to a where method in an ActiveRecord cla…
|
CWE-89
SQL Injection
|
CVE-2012-2695
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296433
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.14, 3.1.x before 3.1.6, and 3.2.x before 3.2.6 does not properly consider differences in parameter handling between the Acti…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2694
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296434
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
The Active Record component in Ruby on Rails 3.0.x before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly implement the passing of request data to a where method in an ActiveReco…
|
CWE-89
SQL Injection
|
CVE-2012-2661
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296435
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
actionpack/lib/action_dispatch/http/request.rb in Ruby on Rails before 3.0.13, 3.1.x before 3.1.5, and 3.2.x before 3.2.4 does not properly consider differences in parameter handling between the Acti…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2660
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296436
|
- |
|
drupal-id
|
counter_module
|
SQL injection vulnerability in the Counter module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors related to "recording visits."
|
CWE-89
SQL Injection
|
CVE-2012-2718
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296437
|
- |
|
david_stosik
|
comment_moderation
|
Cross-site request forgery (CSRF) vulnerability in the Comment Moderation module 6.x-1.x before 6.x-1.1 for Drupal allows remote attackers to hijack the authentication of administrators for requests …
|
CWE-352
Origin Validation Error
|
CVE-2012-2716
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296438
|
- |
|
openstack
|
compute
essex
diablo
|
The (1) EC2 and (2) OS APIs in OpenStack Compute (Nova) Folsom (2012.2), Essex (2012.1), and Diablo (2011.3) do not properly check the protocol when security groups are created and the network protoc…
|
CWE-20
Improper Input Validation
|
CVE-2012-2654
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296439
|
- |
|
w1.fi
|
hostapd
|
hostapd 0.7.3, and possibly other versions before 1.0, uses 0644 permissions for /etc/hostapd/hostapd.conf, which might allow local users to obtain sensitive information such as credentials.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2389
|
2024-11-21 10:39 |
2012-06-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296440
|
- |
|
cisco
|
anyconnect_secure_mobility_client
|
A certain Java applet in the VPN downloader implementation in the WebLaunch feature in Cisco AnyConnect Secure Mobility Client 3.x before 3.0 MR7 on 64-bit Linux platforms does not properly restrict …
|
CWE-20
Improper Input Validation
|
CVE-2012-2496
|
2024-11-21 10:39 |
2012-06-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
