|
296871
|
- |
|
moinmo
|
moinmoin
|
security/__init__.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4404
|
2024-11-21 10:42 |
2012-09-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296872
|
- |
|
cybozu
|
kunai
|
The WebView class in the Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary JavaScript code, and obtain sensitive information, via a crafted application th…
|
CWE-200
Information Exposure
|
CVE-2012-4012
|
2024-11-21 10:42 |
2012-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296873
|
- |
|
cybozu
|
kunai
|
The Cybozu KUNAI application before 2.0.6 for Android allows remote attackers to execute arbitrary Java methods, and obtain sensitive information or execute arbitrary commands, via a crafted web site.
|
CWE-78
OS Command
|
CVE-2012-4011
|
2024-11-21 10:42 |
2012-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296874
|
- |
|
php
canonical
debian
|
php
ubuntu_linux
debian_linux
|
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote at…
|
CWE-20
Improper Input Validation
|
CVE-2012-4388
|
2024-11-21 10:42 |
2012-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296875
|
- |
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowf…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4397
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296876
|
- |
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4395
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296877
|
- |
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) u…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4396
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296878
|
- |
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4394
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296879
|
- |
|
owncloud
|
owncloud
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (…
|
CWE-352
Origin Validation Error
|
CVE-2012-4393
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296880
|
- |
|
owncloud
|
owncloud
|
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.
|
CWE-287
Improper Authentication
|
CVE-2012-4392
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
