|
296071
|
- |
|
ushahidi
|
ushahidi_platform
|
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the messages admin functionality in appl…
|
CWE-89
SQL Injection
|
CVE-2012-3469
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296072
|
- |
|
ushahidi
|
ushahidi_platform
|
Multiple SQL injection vulnerabilities in the Ushahidi Platform before 2.5 allow remote attackers to execute arbitrary SQL commands via vectors related to (1) the verify function in application/contr…
|
CWE-89
SQL Injection
|
CVE-2012-3468
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296073
|
- |
|
caucho
|
resin
|
Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to bypass intended restrictions on filename extensions for created files via a %00 sequence in a pathname within an HTTP…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2969
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296074
|
- |
|
caucho
|
resin
|
Directory traversal vulnerability in Caucho Quercus, as distributed in Resin before 4.0.29, allows remote attackers to create files in arbitrary directories via a .. (dot dot) in a pathname within an…
|
CWE-22
Path Traversal
|
CVE-2012-2968
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296075
|
- |
|
caucho
|
resin
|
Caucho Quercus, as distributed in Resin before 4.0.29, does not properly implement the == (equals sign equals sign) operator for comparisons, which has unspecified impact and context-dependent attack…
|
NVD-CWE-Other
|
CVE-2012-2967
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296076
|
- |
|
caucho
|
resin
|
Caucho Quercus, as distributed in Resin before 4.0.29, overwrites entries in the SERVER superglobal array on the basis of POST parameters, which has unspecified impact and remote attack vectors.
|
NVD-CWE-Other
|
CVE-2012-2966
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296077
|
- |
|
caucho
|
resin
|
Caucho Quercus, as distributed in Resin before 4.0.29, does not properly handle unspecified characters in the names of variables, which has unknown impact and remote attack vectors, related to an "HT…
|
CWE-20
Improper Input Validation
|
CVE-2012-2965
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296078
|
- |
|
breakingpointsystems
|
breakingpoint_storm_appliance_ctm
breakingpoint_storm_appliance
|
The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information …
|
CWE-20
Improper Input Validation
|
CVE-2012-2964
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296079
|
- |
|
breakingpointsystems
|
breakingpoint_storm_appliance_ctm
breakingpoint_storm_appliance
|
The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to …
|
CWE-287
Improper Authentication
|
CVE-2012-2963
|
2024-11-21 10:40 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296080
|
- |
|
pnp4nagios
|
pnp4nagios
|
PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3457
|
2024-11-21 10:40 |
2012-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
