|
294191
|
- |
|
caucho
|
resin
|
Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an…
|
CWE-22
Path Traversal
|
CVE-2012-2968
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294192
|
- |
|
caucho
|
resin
|
Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack…
|
NVD-CWE-Other
|
CVE-2012-2967
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294193
|
- |
|
caucho
|
resin
|
Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors.
|
NVD-CWE-Other
|
CVE-2012-2966
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294194
|
- |
|
caucho
|
resin
|
Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HT…
|
CWE-20
Improper Input Validation
|
CVE-2012-2965
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294195
|
- |
|
breakingpointsystems
|
breakingpoint_storm_appliance_ctm
breakingpoint_storm_appliance
|
The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information …
|
CWE-20
Improper Input Validation
|
CVE-2012-2964
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294196
|
- |
|
breakingpointsystems
|
breakingpoint_storm_appliance_ctm
breakingpoint_storm_appliance
|
The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to …
|
CWE-287
Improper Authentication
|
CVE-2012-2963
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294197
|
- |
|
pnp4nagios
|
pnp4nagios
|
PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3457
|
2024-11-21 10:40 |
2012-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294198
|
- |
|
oracle
|
database_server
|
SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors in…
|
CWE-89
SQL Injection
|
CVE-2012-3132
|
2024-11-21 10:40 |
2012-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294199
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 a…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3465
|
2024-11-21 10:40 |
2012-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294200
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow re…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3464
|
2024-11-21 10:40 |
2012-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
