|
292661
|
- |
|
joobi
|
com_jnews
|
The jNews (com_jnews) component 7.5.1 for Joomla! allows remote attackers to obtain sensitive information via the emailsearch parameter, which reveals the installation path in an error message.
|
CWE-200
Information Exposure
|
CVE-2012-4256
|
2024-11-21 10:42 |
2012-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292662
|
- |
|
mysqldumper
|
mysqldumper
|
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information via a direct request to learn/cubemail/refresh_dblist.php, which reveals the installation path in an error message.
|
CWE-200
Information Exposure
|
CVE-2012-4255
|
2024-11-21 10:42 |
2012-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292663
|
- |
|
mysqldumper
|
mysqldumper
|
MySQLDumper 1.24.4 allows remote attackers to obtain sensitive information (Notices) via a direct request to (1) learn/cubemail/restore.php or (2) learn/cubemail/dump.php.
|
CWE-200
Information Exposure
|
CVE-2012-4254
|
2024-11-21 10:42 |
2012-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292664
|
- |
|
mysqldumper
|
mysqldumper
|
Multiple directory traversal vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to read arbitrary files via a .. (dot dot) in the (1) language parameter to learn/cubemail/install.php or (2)…
|
CWE-22
Path Traversal
|
CVE-2012-4253
|
2024-11-21 10:42 |
2012-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292665
|
- |
|
mysqldumper
|
mysqldumper
|
Multiple cross-site request forgery (CSRF) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to hijack the authentication of administrators for requests that (1) remove file access restric…
|
CWE-352
Origin Validation Error
|
CVE-2012-4252
|
2024-11-21 10:42 |
2012-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292666
|
- |
|
mysqldumper
|
mysqldumper
|
Multiple cross-site scripting (XSS) vulnerabilities in MySQLDumper 1.24.4 allow remote attackers to inject arbitrary web script or HTML via the (1) page parameter to index.php, (2) phase parameter to…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4251
|
2024-11-21 10:42 |
2012-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292667
|
- |
|
samsung
|
net-i_viewer
|
Stack-based buffer overflow in the RequestScreenOptimization function in the XProcessControl.ocx ActiveX control in msls31.dll in Samsung NET-i viewer 1.37 allows remote attackers to execute arbitrar…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-4250
|
2024-11-21 10:42 |
2012-08-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292668
|
- |
|
amazon
|
kindle_touch
|
The Amazon Lab126 com.lab126.system sendEvent implementation on the Kindle Touch before 5.1.2 allows context-dependent attackers to execute arbitrary commands via shell metacharacters in a string, as…
|
CWE-94
Code Injection
|
CVE-2012-4249
|
2024-11-21 10:42 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292669
|
- |
|
amazon
|
kindle_touch
|
The Amazon Kindle Touch before 5.1.2 does not properly restrict access to the libkindleplugin.so NPAPI plugin interface, which might allow remote attackers to have an unspecified impact via vectors i…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4248
|
2024-11-21 10:42 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292670
|
- |
|
dir2web
|
dir2web
|
SQL injection vulnerability in system/src/dispatcher.php in Dir2web 3.0 allows remote attackers to execute arbitrary SQL commands via the oid parameter in a homepage action to index.php.
|
CWE-89
SQL Injection
|
CVE-2012-4070
|
2024-11-21 10:42 |
2012-08-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
