|
292411
|
- |
|
mike_carr
|
flogr
|
Multiple cross-site scripting (XSS) vulnerabilities in index.php in Flogr 2.5.6 and earlier allow remote attackers to inject arbitrary web script or HTML via (1) the PATH_INFO or (2) an arbitrary par…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4336
|
2024-11-21 10:42 |
2012-09-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292412
|
- |
|
google
|
mod_pagespeed
|
Cross-site scripting (XSS) vulnerability in the mod_pagespeed module 0.10.19.1 through 0.10.22.4 for the Apache HTTP Server allows remote attackers to inject arbitrary web script or HTML via unspecif…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4360
|
2024-11-21 10:42 |
2012-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292413
|
- |
|
google
|
mod_pagespeed
|
The mod_pagespeed module before 0.10.22.6 for the Apache HTTP Server does not properly verify its host name, which allows remote attackers to trigger HTTP requests to arbitrary hosts via unspecified …
|
CWE-20
Improper Input Validation
|
CVE-2012-4001
|
2024-11-21 10:42 |
2012-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292414
|
- |
|
cybozu
|
kunai_browser_for_remote_service
|
The WebView class in the Cybozu KUNAI Browser for Remote Service application beta for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a cra…
|
CWE-200
Information Exposure
|
CVE-2012-4013
|
2024-11-21 10:42 |
2012-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292415
|
- |
|
wordpress
|
wordpress
|
wp-admin/plugins.php in WordPress before 3.4.2, when the multisite feature is enabled, does not check for network-administrator privileges before performing a network-wide activation of an installed …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4422
|
2024-11-21 10:42 |
2012-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292416
|
- |
|
wordpress
|
wordpress
|
The create_post function in wp-includes/class-wp-atom-server.php in WordPress before 3.4.2 does not perform a capability check, which allows remote authenticated users to bypass intended access restr…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4421
|
2024-11-21 10:42 |
2012-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292417
|
- |
|
torproject
|
tor
|
The compare_tor_addr_to_addr_policy function in or/policies.c in Tor before 0.2.2.39, and 0.2.3.x before 0.2.3.21-rc, allows remote attackers to cause a denial of service (assertion failure and daemo…
|
NVD-CWE-noinfo
|
CVE-2012-4419
|
2024-11-21 10:42 |
2012-09-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292418
|
- |
|
isc
|
bind
|
ISC BIND 9.x before 9.7.6-P3, 9.8.x before 9.8.3-P3, 9.9.x before 9.9.1-P3, and 9.4-ESV and 9.6-ESV before 9.6-ESV-R7-P3 allows remote attackers to cause a denial of service (assertion failure and na…
|
NVD-CWE-noinfo
|
CVE-2012-4244
|
2024-11-21 10:42 |
2012-09-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292419
|
- |
|
moinmo
|
moinmoin
|
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4404
|
2024-11-21 10:42 |
2012-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292420
|
- |
|
cybozu
|
kunai
|
The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application th…
|
CWE-200
Information Exposure
|
CVE-2012-4012
|
2024-11-21 10:42 |
2012-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
