| 292941 | - | bloxx | web_filtering | Bloxx Web Filtering before 5.0.14 does not properly interpret X-Forwarded-For headers during access-control and logging operations for HTTPS connection attempts, which allows remote attackers to bypa… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-2566 | 2024-11-21 10:39 | 2012-06-9 |
| 292942 | - | bloxx | web_filtering | Bloxx Web Filtering before 5.0.14 does not use a salt during calculation of a password hash, which makes it easier for context-dependent attackers to determine cleartext passwords via a rainbow-table… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-2565 | 2024-11-21 10:39 | 2012-06-9 |
| 292943 | - | bloxx | web_filtering | Multiple cross-site request forgery (CSRF) vulnerabilities in the administrative interface in Bloxx Web Filtering before 5.0.14 allow remote attackers to hijack the authentication of administrators f… | CWE-352 Origin Validation Error | CVE-2012-2564 | 2024-11-21 10:39 | 2012-06-9 |
| 292944 | - | bloxx | web_filtering | Multiple cross-site scripting (XSS) vulnerabilities in Bloxx Web Filtering before 5.0.14 allow (1) remote attackers to inject arbitrary web script or HTML via web traffic that is examined within the … | CWE-79 Cross-site Scripting | CVE-2012-2563 | 2024-11-21 10:39 | 2012-06-9 |
| 292945 | - | siemens | wincc | Buffer overflow in the DiagAgent web server in Siemens WinCC 7.0 SP3 through Update 2 allows remote attackers to cause a denial of service (agent outage) via crafted input. | CWE-119 Incorrect Access of Indexable Resource ('Range Error') | CVE-2012-2598 | 2024-11-21 10:39 | 2012-06-9 |
| 292946 | - | siemens | wincc | Multiple directory traversal vulnerabilities in Siemens WinCC 7.0 SP3 before Update 2 allow remote authenticated users to read arbitrary files via a crafted parameter in a URL. | CWE-22 Path Traversal | CVE-2012-2597 | 2024-11-21 10:39 | 2012-06-9 |
| 292947 | - | siemens | wincc | The XPath functionality in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 does not properly handle special characters in parameters, which allows remote authenticated users to … | CWE-94 Code Injection | CVE-2012-2596 | 2024-11-21 10:39 | 2012-06-9 |
| 292948 | - | siemens | wincc | Multiple cross-site scripting (XSS) vulnerabilities in unspecified web applications in Siemens WinCC 7.0 SP3 before Update 2 allow remote attackers to inject arbitrary web script or HTML via vectors … | CWE-79 Cross-site Scripting | CVE-2012-2595 | 2024-11-21 10:39 | 2012-06-9 |
| 292949 | - | collabnet | scrumworks | The server in CollabNet ScrumWorks Pro before 6.0 allows remote authenticated users to gain privileges and obtain sensitive information via a modified desktop client. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-2603 | 2024-11-21 10:39 | 2012-06-9 |
| 292950 | - | s9y | serendipity | SQL injection vulnerability in include/functions_trackbacks.inc.php in Serendipity 1.6.2 allows remote attackers to execute arbitrary SQL commands via the url parameter to comment.php. | CWE-89 SQL Injection | CVE-2012-2762 | 2024-11-21 10:39 | 2012-06-8 |