|
293671
|
- |
|
redhat
|
enterprise_virtualization_manager
|
The domain management tool (rhevm-manage-domains) in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a wor…
|
CWE-255
Credentials Management
|
CVE-2012-6115
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293672
|
- |
|
redhat
|
automatic_bug_reporting_tool
|
abrt-action-install-debuginfo in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to set world-writable permissions for arbitrary files and possibly gain privileges via a syml…
|
CWE-264
CWE-362
Permissions, Privileges, and Access Controls
Race Condition
|
CVE-2012-5660
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293673
|
- |
|
redhat
|
automatic_bug_reporting_tool
|
Untrusted search path vulnerability in plugins/abrt-action-install-debuginfo-to-abrt-cache.c in Automatic Bug Reporting Tool (ABRT) 2.0.9 and earlier allows local users to load and execute arbitrary …
|
NVD-CWE-Other
|
CVE-2012-5659
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293674
|
- |
|
apache
|
cxf
|
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to …
|
CWE-287
Improper Authentication
|
CVE-2012-5633
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293675
|
- |
|
redhat
|
jboss_enterprise_web_platform
jboss_enterprise_application_platform
|
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5629
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293676
|
- |
|
redhat
|
aeolus_conductor
|
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6118
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293677
|
- |
|
redhat
|
cloudforms_cloud_engine
|
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to re…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6117
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293678
|
- |
|
inkscape
|
inkscape
|
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and poss…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6076
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293679
|
- |
|
ibm
|
tivoli_application_dependency_discovery_manager
|
Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticat…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5942
|
2024-11-21 10:45 |
2013-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
293680
|
- |
|
ibm
|
tivoli_application_dependency_discovery_manager
|
Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remo…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5939
|
2024-11-21 10:45 |
2013-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
