|
293021
|
7.5 |
HIGH
Network
|
apache
|
xerces2_java
|
Apache Xerces2 Java Parser before 2.12.0 allows remote attackers to cause a denial of service (CPU consumption) via a crafted message to an XML service, which triggers hash table collisions.
|
CWE-399
Resource Management Errors
|
CVE-2012-0881
|
2024-11-21 10:35 |
2017-10-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293022
|
7.5 |
HIGH
Network
|
apache
|
xerces-c\+\+
|
Apache Xerces-C++ allows remote attackers to cause a denial of service (CPU consumption) via a crafted message sent to an XML service that causes hash table collisions.
|
CWE-399
Resource Management Errors
|
CVE-2012-0880
|
2024-11-21 10:35 |
2017-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293023
|
9.8 |
CRITICAL
Network
|
apache
|
cxf
|
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.
|
CWE-287
Improper Authentication
|
CVE-2012-0803
|
2024-11-21 10:35 |
2017-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293024
|
- |
|
postfix
|
postfix
|
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt func…
|
CWE-89
SQL Injection
|
CVE-2012-0811
|
2024-11-21 10:35 |
2014-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293025
|
- |
|
opensuse
systemd_project
|
opensuse
systemd
|
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on…
|
CWE-59
Link Following
|
CVE-2012-0871
|
2024-11-21 10:35 |
2014-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293026
|
- |
|
puppet
|
puppet_enterprise
puppet_dashboard
|
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2012-0891
|
2024-11-21 10:35 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293027
|
- |
|
systemtap
|
systemtap
|
SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0875
|
2024-11-21 10:35 |
2014-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293028
|
- |
|
redhat
augeas
|
enterprise_linux
augeas
|
The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files a…
|
NVD-CWE-noinfo
|
CVE-2012-0787
|
2024-11-21 10:35 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293029
|
- |
|
augeas
|
augeas
|
The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.
|
CWE-59
Link Following
|
CVE-2012-0786
|
2024-11-21 10:35 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293030
|
- |
|
drupal
|
drupal
|
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields vi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0827
|
2024-11-21 10:35 |
2013-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
