|
295871
|
- |
|
apache
|
cxf
|
Apache CXF before 2.4.9, 2.5.x before 2.5.5, and 2.6.x before 2.6.2 allows remote attackers to execute unintended web-service operations by sending a header with a SOAP Action String that is inconsis…
|
CWE-20
Improper Input Validation
|
CVE-2012-3451
|
2024-11-21 10:40 |
2012-09-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295872
|
- |
|
oracle
|
database_server
primavera_p6_enterprise_project_portfolio_management
|
The authentication protocol in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote attackers to obtain the session key and salt for arbitrary users, wh…
|
CWE-287
Improper Authentication
|
CVE-2012-3137
|
2024-11-21 10:40 |
2012-09-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295873
|
- |
|
apache
|
wicket
|
Cross-site scripting (XSS) vulnerability in Apache Wicket 1.4.x before 1.4.21 and 1.5.x before 1.5.8 allows remote attackers to inject arbitrary web script or HTML via vectors involving a %00 sequenc…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3373
|
2024-11-21 10:40 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295874
|
- |
|
oscommerce
paypal
|
online_merchant
website_payments_standard_module
|
The PayPal (aka MODULE_PAYMENT_PAYPAL_STANDARD) module before 1.1 in osCommerce Online Merchant before 2.3.4 allows remote attackers to set the payment recipient via a modified value of the merchant'…
|
NVD-CWE-Other
|
CVE-2012-2991
|
2024-11-21 10:40 |
2012-09-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295875
|
- |
|
hp
|
operations_orchestration
|
Unspecified vulnerability in HP Operations Orchestration 9.0 before 9.03 allows remote attackers to execute arbitrary code via unknown vectors.
|
NVD-CWE-noinfo
|
CVE-2012-3258
|
2024-11-21 10:40 |
2012-09-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295876
|
- |
|
siemens
|
simatic_pcs7
wincc
|
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to discover a username and password via crafted parameters to unspecified method…
|
CWE-200
Information Exposure
|
CVE-2012-3034
|
2024-11-21 10:40 |
2012-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295877
|
- |
|
siemens
|
simatic_pcs7
wincc
|
SQL injection vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to execute arbitrary SQL commands via a crafted S…
|
CWE-89
SQL Injection
|
CVE-2012-3032
|
2024-11-21 10:40 |
2012-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295878
|
- |
|
siemens
|
simatic_pcs7
wincc
|
Multiple cross-site scripting (XSS) vulnerabilities in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allow remote attackers to inject arbitrary web sc…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3031
|
2024-11-21 10:40 |
2012-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295879
|
- |
|
siemens
|
simatic_pcs7
wincc
|
WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote at…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3030
|
2024-11-21 10:40 |
2012-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
295880
|
- |
|
siemens
|
simatic_pcs7
wincc
|
Cross-site request forgery (CSRF) vulnerability in WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, allows remote attackers to hijack the authentication …
|
CWE-352
Origin Validation Error
|
CVE-2012-3028
|
2024-11-21 10:40 |
2012-09-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
