|
292911
|
- |
|
zenphoto
|
zenphoto
|
Eval injection vulnerability in zp-core/zp-extensions/viewer_size_image.php in ZENphoto 1.4.2, when the viewer_size_image plugin is enabled, allows remote attackers to execute arbitrary PHP code via …
|
CWE-94
Code Injection
|
CVE-2012-0993
|
2024-11-21 10:36 |
2012-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292912
|
- |
|
simhl
|
sths_v2_web_portal
|
Multiple cross-site scripting (XSS) vulnerabilities in STHS v2 Web Portal 2.2 allow remote attackers to inject arbitrary web script or HTML via the team parameter to (1) prospects.php, (2) prospect.p…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1217
|
2024-11-21 10:36 |
2012-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292913
|
- |
|
pbboard
|
pbboard
|
Multiple cross-site request forgery (CSRF) vulnerabilities in admin.php in PBBoard 2.1.4 allow remote attackers to hijack the authentication of administrators for requests that (1) upload a file via …
|
CWE-352
Origin Validation Error
|
CVE-2012-1216
|
2024-11-21 10:36 |
2012-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292914
|
- |
|
yoono
|
yoono_for_firefox
|
Cross-site scripting (XSS) vulnerability in the Add friends module in the Yoono extension before 7.7.8 for Firefox allows remote attackers to inject arbitrary web script or HTML via the create field …
|
CWE-79
Cross-site Scripting
|
CVE-2012-1215
|
2024-11-21 10:36 |
2012-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292915
|
- |
|
yoono
|
yoono_desktop
|
Cross-site scripting (XSS) vulnerability in the Add friends module in Yoono Desktop Application before 1.8.21 allows remote attackers to inject arbitrary web script or HTML via the create field in a …
|
CWE-79
Cross-site Scripting
|
CVE-2012-1214
|
2024-11-21 10:36 |
2012-02-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292916
|
- |
|
nova-cms
|
nova_cms
|
Multiple PHP remote file inclusion vulnerabilities in Nova CMS allow remote attackers to execute arbitrary PHP code via a URL in the (1) fileType parameter to optimizer/index.php, (2) id parameter to…
|
CWE-94
Code Injection
|
CVE-2012-1200
|
2024-11-21 10:36 |
2012-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292917
|
- |
|
secureideas
|
basic_analysis_and_security_engine
|
base_ag_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allows remote attackers to execute arbitrary code by uploading contents of the file with an executable extension via a create actio…
|
CWE-20
Improper Input Validation
|
CVE-2012-1198
|
2024-11-21 10:36 |
2012-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292918
|
- |
|
acd_systems
|
acdsee
|
Integer overflow in the IDE_ACDStd.apl module for ACDSee 14.1 Build 137 allows remote attackers to execute arbitrary code via crafted "image dimension values" in a BMP file, which triggers a heap-bas…
|
CWE-189
Numeric Errors
|
CVE-2012-1197
|
2024-11-21 10:36 |
2012-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292919
|
- |
|
secureideas
|
basic_analysis_and_security_engine
|
Multiple PHP remote file inclusion vulnerabilities in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary PHP code via a URL in the (1) BASE_path parameter to …
|
CWE-94
Code Injection
|
CVE-2012-1199
|
2024-11-21 10:36 |
2012-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292920
|
- |
|
landesk
|
lenovo_thinkmanagement_console
|
Directory traversal vulnerability in the VulCore web service (WSVulnerabilityCore/VulCore.asmx) in Lenovo ThinkManagement Console 9.0.3 allows remote attackers to delete arbitrary files via a .. (dot…
|
CWE-22
Path Traversal
|
CVE-2012-1196
|
2024-11-21 10:36 |
2012-02-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
