|
294621
|
- |
|
tropos
|
mesh_os
1310_distrubution_automation_mesh_router
1410_mesh_router
1410_wireless_mesh_router
3310_indoor_mesh_router
3320_indoor_mesh_router
4310_mobile_mesh_router
6310_mesh_rout…
|
Mesh OS before 7.9.1.1 on Tropos wireless mesh routers does not use a sufficient source of entropy for SSH keys, which makes it easier for man-in-the-middle attackers to spoof a device or modify a cl…
|
CWE-310
Cryptographic Issues
|
CVE-2012-4898
|
2024-11-21 10:43 |
2012-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294622
|
- |
|
invensys
siemens
|
wonderware_intouch
processsuite
|
Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Ps_security.ini, which makes it easier for local users to discover passwords by re…
|
CWE-310
Cryptographic Issues
|
CVE-2012-4693
|
2024-11-21 10:43 |
2012-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294623
|
- |
|
siemens
|
automation_license_manager
|
Memory leak in Siemens Automation License Manager (ALM) 4.x and 5.x before 5.2 allows remote attackers to cause a denial of service (memory consumption) via crafted packets.
|
CWE-399
Resource Management Errors
|
CVE-2012-4691
|
2024-11-21 10:43 |
2012-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294624
|
- |
|
axway
|
securetransport
|
Multiple directory traversal vulnerabilities in Axway SecureTransport 5.1 SP2 and earlier allow remote authenticated users to (1) read, (2) delete, or (3) create files, or (4) list directories, via a…
|
CWE-22
Path Traversal
|
CVE-2012-4991
|
2024-11-21 10:43 |
2012-12-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294625
|
- |
|
layton_technology
|
helpbox
|
Layton Helpbox 4.4.0 allows remote attackers to discover cleartext credentials for the login page by sniffing the network.
|
CWE-310
Cryptographic Issues
|
CVE-2012-4977
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294626
|
- |
|
layton_technology
|
helpbox
|
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an er…
|
CWE-200
Information Exposure
|
CVE-2012-4976
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294627
|
- |
|
layton_technology
|
helpbox
|
editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4975
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294628
|
- |
|
laytontechnology
|
helpbox
|
Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) logg…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4974
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294629
|
- |
|
layton_technology
|
helpbox
|
Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sys_solution_id, (2) sys_requesttype_id, (3) sys_…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4972
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294630
|
- |
|
microsoft
|
exchange_server
|
Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS …
|
CWE-94
Code Injection
|
CVE-2012-4791
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
