|
294701
|
- |
|
esri
|
arcgis_server
|
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
|
CWE-89
SQL Injection
|
CVE-2012-4949
|
2024-11-21 10:43 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294702
|
- |
|
fortinet
|
fortigate-3140b
fortigate-60c
fortigate-3040b
fortigate-300c
fortigate-600c
fortigate-5001a-sw
fortigate-3240c
fortigate-310b
fortigate-800c
fortigate-5020
fortigate-100…
|
The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier …
|
CWE-295
Improper Certificate Validation
|
CVE-2012-4948
|
2024-11-21 10:43 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294703
|
- |
|
ibm
|
websphere_application_server
|
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hij…
|
CWE-352
Origin Validation Error
|
CVE-2012-4853
|
2024-11-21 10:43 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294704
|
- |
|
ibm
|
websphere_application_server
|
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4851
|
2024-11-21 10:43 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294705
|
- |
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2012-4850
|
2024-11-21 10:43 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294706
|
- |
|
ibm
|
cognos_business_intelligence
|
IBM Cognos Business Intelligence (BI) 8.4 and 8.4.1 allows remote authenticated users to cause a denial of service (CPU consumption) via a crafted request containing a zero-valued byte.
|
CWE-189
Numeric Errors
|
CVE-2012-4847
|
2024-11-21 10:43 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294707
|
- |
|
microsoft
|
.net_framework
|
The code-optimization feature in the reflection implementation in Microsoft .NET Framework 4 and 4.5 does not properly enforce object permissions, which allows remote attackers to execute arbitrary c…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4777
|
2024-11-21 10:43 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294708
|
- |
|
microsoft
|
.net_framework
|
The Web Proxy Auto-Discovery (WPAD) functionality in Microsoft .NET Framework 2.0 SP2, 3.5, 3.5.1, 4, and 4.5 does not validate configuration data that is returned during acquisition of proxy setting…
|
CWE-20
Improper Input Validation
|
CVE-2012-4776
|
2024-11-21 10:43 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294709
|
- |
|
microsoft
|
internet_explorer
|
Use-after-free vulnerability in Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code via a crafted web site, aka "CTreeNode Use After Free Vulnerability."
|
CWE-399
Resource Management Errors
|
CVE-2012-4775
|
2024-11-21 10:43 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
294710
|
- |
|
bestpractical
|
rt
|
Argument injection vulnerability in Request Tracker (RT) 3.8.x before 3.8.15 and 4.0.x before 4.0.8 allows remote attackers to create arbitrary files via unspecified vectors related to the GnuPG clie…
|
CWE-94
Code Injection
|
CVE-2012-4884
|
2024-11-21 10:43 |
2012-11-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
