|
294601
|
- |
|
redhat
|
cloudforms
|
Pulp in Red Hat CloudForms before 1.1 uses world-readable permissions for pulp.conf, which allows local users to read the administrative password by reading this file.
|
CWE-255
Credentials Management
|
CVE-2012-4574
|
2024-11-21 10:43 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294602
|
- |
|
redhat
|
certificate_system
|
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 allows remote attackers to cause a denial of service (Apache httpd web server child process restart) via certai…
|
CWE-20
Improper Input Validation
|
CVE-2012-4556
|
2024-11-21 10:43 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294603
|
- |
|
redhat
|
certificate_system
|
The token processing system (pki-tps) in Red Hat Certificate System (RHCS) before 8.1.3 does not properly handle interruptions of token format operations, which allows remote attackers to cause a den…
|
NVD-CWE-Other
|
CVE-2012-4555
|
2024-11-21 10:43 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294604
|
- |
|
redhat
|
certificate_system
|
Multiple cross-site scripting (XSS) vulnerabilities in Red Hat Certificate System (RHCS) before 8.1.3 allow remote attackers to inject arbitrary web script or HTML via the (1) pageStart or (2) pageSi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4543
|
2024-11-21 10:43 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294605
|
- |
|
elinks
|
elinks
|
The http_negotiate_create_context function in protocol/http/http_negotiate.c in ELinks 0.12 before 0.12pre6, when using HTTP Negotiate or GSS-Negotiate authentication, delegates user credentials thro…
|
CWE-287
Improper Authentication
|
CVE-2012-4545
|
2024-11-21 10:43 |
2013-01-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294606
|
- |
|
polycom
|
hdx_system_software
|
Cross-site scripting (XSS) vulnerability in the web management interface on Polycom HDX Video End Points with UC APL software before 2.7.1.1_J, and commercial software before 3.0.5, allows remote att…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4970
|
2024-11-21 10:43 |
2013-01-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294607
|
- |
|
i-gen
|
oplynx
|
The Central application in i-GEN opLYNX before 2.01.9 allows remote attackers to bypass authentication via vectors involving the disabling of browser JavaScript support.
|
CWE-287
Improper Authentication
|
CVE-2012-4688
|
2024-11-21 10:43 |
2012-12-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294608
|
- |
|
simple_invoices
|
simple_invoices
|
Multiple cross-site scripting (XSS) vulnerabilities in SimpleInvoices before stable-2012-1-CIS3000 allow remote attackers to inject arbitrary web script or HTML via (1) the having parameter in a mana…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4932
|
2024-11-21 10:43 |
2012-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294609
|
- |
|
trustwave
opensuse
fedoraproject
|
modsecurity
opensuse
fedora
|
The mod_security2 module before 2.7.0 for the Apache HTTP Server allows remote attackers to bypass rules, and deliver arbitrary POST data to a PHP application, via a multipart request in which an inv…
|
NVD-CWE-noinfo
|
CVE-2012-4528
|
2024-11-21 10:43 |
2012-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294610
|
- |
|
emc
|
data_protection_advisor
|
Directory traversal vulnerability in the Web UI in EMC Data Protection Advisor (DPA) 5.6 through SP1, 5.7 through SP1, and 5.8 through SP4 allows remote attackers to read arbitrary files via unspecif…
|
CWE-22
Path Traversal
|
CVE-2012-4616
|
2024-11-21 10:43 |
2012-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
