|
296811
|
- |
|
jaow
|
jaow
|
SQL injection vulnerability in add_ons.php in Jaow 2.4.5 and earlier allows remote attackers to execute arbitrary SQL commands via the add_ons parameter.
|
CWE-89
SQL Injection
|
CVE-2012-2952
|
2024-11-21 10:40 |
2012-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296812
|
- |
|
zte
|
score_m
|
The ZTE sync_agent program for Android 2.3.4 on the Score M device uses a hardcoded ztex1609523 password to control access to commands, which allows remote attackers to gain privileges via a crafted …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2949
|
2024-11-21 10:40 |
2012-05-30 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296813
|
9.8 |
CRITICAL
Network
|
golang
|
go
|
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.
|
-
|
CVE-2012-2666
|
2024-11-21 10:39 |
2021-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296814
|
8.8 |
HIGH
Network
|
axous
|
axous
|
Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests…
|
CWE-352
Origin Validation Error
|
CVE-2012-2629
|
2024-11-21 10:39 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296815
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php.
|
CWE-79
Cross-site Scripting
|
CVE-2012-2517
|
2024-11-21 10:39 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296816
|
6.1 |
MEDIUM
Network
|
pragmamx
|
pragmamx
|
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_ur…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2452
|
2024-11-21 10:39 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296817
|
6.1 |
MEDIUM
Network
|
atmail
|
atmail
|
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.
|
CWE-79
Cross-site Scripting
|
CVE-2012-2593
|
2024-11-21 10:39 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296818
|
7.2 |
HIGH
Network
|
tinywebgallery
|
tinywebgallery
|
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.
|
CWE-74
Injection
|
CVE-2012-2931
|
2024-11-21 10:39 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296819
|
5.3 |
MEDIUM
Network
|
md-systems
|
simplenews
|
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is…
|
CWE-200
Information Exposure
|
CVE-2012-2724
|
2024-11-21 10:39 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296820
|
9.8 |
CRITICAL
Network
|
browserid_project
|
browserid
|
The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier.
|
CWE-287
Improper Authentication
|
CVE-2012-2714
|
2024-11-21 10:39 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
