|
292011
|
- |
|
amazon
|
kindle_touch
|
The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as…
|
CWE-94
Code Injection
|
CVE-2012-4249
|
2024-11-21 10:42 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292012
|
- |
|
amazon
|
kindle_touch
|
The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4248
|
2024-11-21 10:42 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292013
|
- |
|
dir2web
|
dir2web
|
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.
|
CWE-89
SQL Injection
|
CVE-2012-4070
|
2024-11-21 10:42 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292014
|
- |
|
dir2web
|
dir2web
|
Dir2web 3.0 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database via a direct request for system/db/website.db.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4069
|
2024-11-21 10:42 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292015
|
- |
|
phplist
|
phplist
|
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) remote_user, (2) remot…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4247
|
2024-11-21 10:42 |
2012-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292016
|
- |
|
phplist
|
phplist
|
Multiple cross-site scripting (XSS) vulnerabilities in lists/admin/index.php in phpList before 2.10.19 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter; or the…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4246
|
2024-11-21 10:42 |
2012-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292017
|
- |
|
pbboard
|
pbboard
|
The new_password page in PBBoard 2.1.4 allows remote attackers to change the password of arbitrary user accounts via the member_id and new_password parameters to index.php.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4035
|
2024-11-21 10:42 |
2012-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292018
|
- |
|
pbboard
|
pbboard
|
Multiple SQL injection vulnerabilities in PBBoard 2.1.4 allow remote attackers to execute arbitrary SQL commands via the (1) username parameter to the send page, (2) email parameter to the forget pag…
|
CWE-89
SQL Injection
|
CVE-2012-4034
|
2024-11-21 10:42 |
2012-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292019
|
- |
|
rsgallery2
|
com_rsgallery2
|
The RSGallery2 (com_rsgallery2) component before 3.2.0 for Joomla! 2.5.x does not place index.html files in image directories, which allows remote attackers to list image filenames via a request for …
|
CWE-200
Information Exposure
|
CVE-2012-4235
|
2024-11-21 10:42 |
2012-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292020
|
- |
|
rsgallery2
|
com_rsgallery2
|
Cross-site scripting (XSS) vulnerability in the comments module in the RSGallery2 (com_rsgallery2) component before 2.3.0 for Joomla! 1.5.x, and before 3.2.0 for Joomla! 2.5.x, allows remote attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4071
|
2024-11-21 10:42 |
2012-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
