|
292971
|
- |
|
xarrow
|
xarrow
|
The server in xArrow before 3.4.1 does not properly allocate memory, which allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via unspecified vectors.
|
CWE-399
Resource Management Errors
|
CVE-2012-2426
|
2024-11-21 10:39 |
2012-05-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292972
|
- |
|
netweblogic
|
login_with_ajax
|
Cross-site scripting (XSS) vulnerability in login-with-ajax.php in the Login With Ajax (aka login-with-ajax) plugin before 3.0.4.1 for WordPress allows remote attackers to inject arbitrary web script…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2759
|
2024-11-21 10:39 |
2012-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292973
|
- |
|
atlassian
gliffy
|
jira
gliffy
confluence_server
|
The Gliffy plugin before 3.7.1 for Atlassian JIRA, and before 4.2 for Atlassian Confluence, does not properly restrict the capabilities of third-party XML parsers, which allows remote attackers to re…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2928
|
2024-11-21 10:39 |
2012-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292974
|
- |
|
tm_software
|
tempo
tempo6.3.0
tempo6.3.2
|
The TM Software Tempo plugin before 6.4.3.1, 6.5.x before 6.5.0.2, and 7.x before 7.0.3 for Atlassian JIRA does not properly restrict the capabilities of third-party XML parsers, which allows remote …
|
CWE-399
Resource Management Errors
|
CVE-2012-2927
|
2024-11-21 10:39 |
2012-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292975
|
- |
|
xelex
|
mobiletrack
|
The Xelex MobileTrack application 2.3.7 and earlier for Android uses hardcoded credentials, which allows remote attackers to obtain sensitive information via an unencrypted (1) FTP or (2) HTTP sessio…
|
CWE-255
Credentials Management
|
CVE-2012-2567
|
2024-11-21 10:39 |
2012-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292976
|
- |
|
xelex
|
mobiletrack
|
The Xelex MobileTrack application 2.3.7 and earlier for Android does not verify the origin of SMS commands, which allows remote attackers to execute a (1) LOCATE, (2) TRACK, (3) UPDATECFG, (4) UPDATE…
|
CWE-287
CWE-20
Improper Authentication
Improper Input Validation
|
CVE-2012-2562
|
2024-11-21 10:39 |
2012-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292977
|
- |
|
simple_php_agenda
|
simple_php_agenda
|
SQL injection vulnerability in engine.php in Simple PHP Agenda 2.2.8 allows remote attackers to execute arbitrary SQL commands via the priority parameter in an addTodo action.
|
CWE-89
SQL Injection
|
CVE-2012-2925
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292978
|
9.1 |
CRITICAL
Network
|
atlassian
|
fisheye
confluence
jira
crucible
crowd
confluence_server
bamboo
|
Atlassian JIRA before 5.0.1; Confluence before 3.5.16, 4.0 before 4.0.7, and 4.1 before 4.1.10; FishEye and Crucible before 2.5.8, 2.6 before 2.6.8, and 2.7 before 2.7.12; Bamboo before 3.3.4 and 3.4…
|
NVD-CWE-noinfo
|
CVE-2012-2926
|
2024-11-21 10:39 |
2012-05-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292979
|
- |
|
hypermethod
|
elearning_server
|
PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
|
CWE-94
Code Injection
|
CVE-2012-2924
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292980
|
- |
|
hypermethod
|
elearning_server
|
SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter.
|
CWE-89
SQL Injection
|
CVE-2012-2923
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
