|
297001
|
- |
|
tornadoweb
|
tornado
|
CRLF injection vulnerability in the tornado.web.RequestHandler.set_header function in Tornado before 2.2.1 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting…
|
CWE-20
Improper Input Validation
|
CVE-2012-2374
|
2024-11-21 10:38 |
2012-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297002
|
- |
|
cypherpunks
|
pidgin-otr
|
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbi…
|
CWE-134
Use of Externally-Controlled Format String
|
CVE-2012-2369
|
2024-11-21 10:38 |
2012-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297003
|
- |
|
schneider-electric
|
kerweb
kerwin
|
Multiple cross-site scripting (XSS) vulnerabilities in Schneider Electric Kerweb before 3.0.1 and Kerwin before 6.0.1 allow remote attackers to inject arbitrary web script or HTML via (1) the evtvari…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1990
|
2024-11-21 10:38 |
2012-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297004
|
- |
|
geoff_davies
|
contact_forms
|
The Contact Forms module 7.x-1.x before 7.x-1.2 for Drupal does not specify sufficiently restrictive permissions, which allows remote authenticated users with the "access the site-wide contact form" …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2340
|
2024-11-21 10:38 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297005
|
- |
|
nancy_wichmann
drupal
|
glossary
drupal
|
Cross-site scripting (XSS) vulnerability in the Glossary module 6.x-1.x before 6.x-1.8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to "ta…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2339
|
2024-11-21 10:38 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297006
|
- |
|
johan_cwiklinski
|
galette
|
SQL injection vulnerability in includes/picture.class.php in Galette 0.63, 0.63.1, 0.63.2, 0.63.3, and 0.64rc1 allows remote attackers to execute arbitrary SQL commands via the id_adh parameter to pi…
|
CWE-89
SQL Injection
|
CVE-2012-2338
|
2024-11-21 10:38 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297007
|
- |
|
skincrafter
|
skincrafter
|
Buffer overflow in the InitLicenKeys function in a certain ActiveX control in SkinCrafter3_vs2005.dll in SkinCrafter 3.0 allows remote attackers to execute arbitrary code via a long string in the fir…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-2271
|
2024-11-21 10:38 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297008
|
- |
|
php
|
php
|
Buffer overflow in the com_print_typeinfo function in PHP 5.4.3 and earlier on Windows allows remote attackers to execute arbitrary code via crafted arguments that trigger incorrect handling of COM o…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-2376
|
2024-11-21 10:38 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297009
|
- |
|
rahul_singla
|
take_control
|
Cross-site request forgery (CSRF) vulnerability in the Take Control module 6.x-2.x before 6.x-2.2 for Drupal allows remote attackers to hijack the authentication of unspecified users for Ajax request…
|
CWE-352
Origin Validation Error
|
CVE-2012-2341
|
2024-11-21 10:38 |
2012-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
297010
|
- |
|
connman
|
connman
|
Integer overflow in the dhcpv6_get_option function in gdhcp/client.c in ConnMan before 0.85 allows remote attackers to cause a denial of service (infinite loop and crash) via an invalid length value …
|
CWE-189
Numeric Errors
|
CVE-2012-2322
|
2024-11-21 10:38 |
2012-05-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
