|
291821
|
- |
|
wireshark
|
wireshark
|
The dissect_hsrp function in epan/dissectors/packet-hsrp.c in the HSRP dissector in Wireshark 1.8.x before 1.8.3 allows remote attackers to cause a denial of service (infinite loop) via a malformed p…
|
CWE-399
Resource Management Errors
|
CVE-2012-5237
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291822
|
- |
|
mystorexpress
|
tienda_virtual
|
SQL injection vulnerability in art_catalogo.php in MyStore Xpress Tienda Virtual 2.0 allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2012-5300
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291823
|
- |
|
mavili_guestbook_project
|
mavili_guestbook
|
Mavili Guestbook, as released in November 2007, allows remote attackers to edit, delete, and approve arbitrary messages via a direct request to (1) edit.asp, (2) delete.asp, or (3) approve.asp.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5299
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291824
|
- |
|
mavili_guestbook_project
|
mavili_guestbook
|
Mavili Guestbook, as released in November 2007, stores guestbook.mdb under the web root with insufficient access control, which allows remote attackers to read the database via a direct request.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5298
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291825
|
- |
|
mavili_guestbook_project
|
mavili_guestbook
|
SQL injection vulnerability in edit.asp in Mavili Guestbook, as released in November 2007, allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2012-5297
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291826
|
- |
|
mavili_guestbook_project
|
mavili_guestbook
|
Multiple cross-site scripting (XSS) vulnerabilities in Mavili Guestbook, as released in November 2007, allow remote attackers to inject arbitrary web script or HTML via the id parameter to (1) approv…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5296
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291827
|
- |
|
fusetalk
fusetalk.
|
fusetalk
|
Cross-site scripting (XSS) vulnerability in login.cfm in FuseTalk Forums 3.2 and earlier allows remote attackers to inject arbitrary web script or HTML via the windowed parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-5295
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291828
|
- |
|
mystorexpress
|
tienda_virtual
|
SQL injection vulnerability in art_detalle.php in MyStore Xpress Tienda Virtual allows remote attackers to execute arbitrary SQL commands via the id parameter.
|
CWE-89
SQL Injection
|
CVE-2012-5294
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291829
|
- |
|
redgraphic
|
sapid_cms
|
Multiple PHP remote file inclusion vulnerabilities in SAPID CMS 1.2.3 Stable allow remote attackers to execute arbitrary PHP code via a URL in the (1) GLOBALS[root_path] parameter to usr/extensions/g…
|
CWE-94
Code Injection
|
CVE-2012-5293
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291830
|
- |
|
atar2b
|
atar2b_cms
|
Multiple SQL injection vulnerabilities in Atar2b CMS 4.0.1 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) gallery_e.php, (2) pageE.php, or (3) pageH.php.
|
CWE-89
SQL Injection
|
CVE-2012-5292
|
2024-11-21 10:44 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
