|
292981
|
- |
|
drupal
|
drupal
|
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installati…
|
CWE-200
Information Exposure
|
CVE-2012-2922
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292982
|
- |
|
mark_pilgrim
|
feedparser
|
Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII …
|
CWE-399
Resource Management Errors
|
CVE-2012-2921
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292983
|
- |
|
user_photo
|
user_photo
|
Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2920
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292984
|
- |
|
chevereto
|
chevereto
|
Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter.
|
CWE-22
Path Traversal
|
CVE-2012-2919
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292985
|
- |
|
chevereto
|
chevereto
|
Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-2918
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292986
|
- |
|
hp
|
business_service_management
|
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server compo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2561
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292987
|
- |
|
andrew_killen
|
share_and_follow
|
Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-an…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2917
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292988
|
- |
|
dlo
|
simple_anti_bot_registration_engine_plugin
|
Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option par…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2916
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292989
|
- |
|
lattice_semiconductor
|
pac-designer
|
Stack-based buffer overflow in Lattice Semiconductor PAC-Designer 6.2.1344 allows remote attackers to execute arbitrary code via a long string in a Value tag in a SymbolicSchematicData definition tag…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-2915
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292990
|
- |
|
unijimpe
|
captcha
|
Cross-site scripting (XSS) vulnerability in captchademo.php in Unijimpe Captcha allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO.
|
CWE-79
Cross-site Scripting
|
CVE-2012-2914
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
