|
293101
|
- |
|
apache
|
wicket
|
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequenc…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3373
|
2024-11-21 10:40 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293102
|
- |
|
oscommerce
paypal
|
online_merchant
website_payments_standard_module
|
The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant'…
|
NVD-CWE-Other
|
CVE-2012-2991
|
2024-11-21 10:40 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293103
|
- |
|
hp
|
operations_orchestration
|
Unspecified vulnerability in HP Operations Orchestration 9.0 before 9.03 allows remote attackers to execute arbitrary code via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2012-3258
|
2024-11-21 10:40 |
2012-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293104
|
- |
|
siemens
|
simatic_pcs7
wincc
|
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified method…
|
CWE-200
Information Exposure
|
CVE-2012-3034
|
2024-11-21 10:40 |
2012-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293105
|
- |
|
siemens
|
simatic_pcs7
wincc
|
SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted S…
|
CWE-89
SQL Injection
|
CVE-2012-3032
|
2024-11-21 10:40 |
2012-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293106
|
- |
|
siemens
|
simatic_pcs7
wincc
|
Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web sc…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3031
|
2024-11-21 10:40 |
2012-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293107
|
- |
|
siemens
|
simatic_pcs7
wincc
|
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote at…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3030
|
2024-11-21 10:40 |
2012-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293108
|
- |
|
siemens
|
simatic_pcs7
wincc
|
Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication …
|
CWE-352
Origin Validation Error
|
CVE-2012-3028
|
2024-11-21 10:40 |
2012-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293109
|
- |
|
cososys
|
endpoint_protector_appliace_4
|
The CoSoSys Endpoint Protector 4 appliance establishes an EPProot password based entirely on the appliance serial number, which makes it easier for remote attackers to obtain access via a brute-force…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2994
|
2024-11-21 10:40 |
2012-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293110
|
5.9 |
MEDIUM
Network
|
microsoft
|
windows_phone_7_firmware
|
Microsoft Windows Phone 7 does not verify the domain name in the subject's Common Name (CN) field of an X.509 certificate, which allows man-in-the-middle attackers to spoof an SSL server for the (1) …
|
CWE-295
Improper Certificate Validation
|
CVE-2012-2993
|
2024-11-21 10:40 |
2012-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
