|
301791
|
- |
|
xwiki
|
xwiki_enterprise
|
Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bi…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1019
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301792
|
- |
|
dmackmedia
|
mod_currencyconverter
|
Cross-site scripting (XSS) vulnerability in includes/convert.php in D-Mack Media Currency Converter (mod_currencyconverter) module 1.0.0 for Joomla! allows remote attackers to inject arbitrary web sc…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1018
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301793
|
- |
|
secureideas
|
base
|
Multiple SQL injection vulnerabilities in base_qry_main.php in Basic Analysis and Security Engine (BASE) 1.4.5 allow remote attackers to execute arbitrary SQL commands via the (1) ip_addr[0][1], (2) …
|
CWE-89
SQL Injection
|
CVE-2012-1017
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301794
|
- |
|
likno
|
allwebmenus_plugin
|
actions.php in the AllWebMenus plugin 1.1.8 for WordPress allows remote attackers to bypass intended access restrictions to upload and execute arbitrary PHP code by setting the HTTP_REFERER to a cert…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1011
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301795
|
- |
|
likno
|
allwebmenus_plugin
|
Unrestricted file upload vulnerability in actions.php in the AllWebMenus plugin before 1.1.8 for WordPress allows remote attackers to execute arbitrary PHP code by uploading a ZIP file containing a P…
|
CWE-20
Improper Input Validation
|
CVE-2012-1010
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301796
|
- |
|
sphinx-soft
|
mobile_web_server
|
Multiple cross-site scripting (XSS) vulnerabilities in Sphinx Software Mobile Web Server 3.1.2.47 allow remote attackers to inject arbitrary web script or HTML via the comment parameter to a blog, as…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1005
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301797
|
- |
|
openemr
|
openemr
|
interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter.
|
CWE-20
Improper Input Validation
|
CVE-2012-0992
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301798
|
- |
|
openemr
|
openemr
|
Multiple directory traversal vulnerabilities in OpenEMR 4.1.0 allow remote authenticated users to read arbitrary files via a .. (dot dot) in the formname parameter to (1) contrib/acog/print_form.php;…
|
CWE-22
Path Traversal
|
CVE-2012-0991
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301799
|
- |
|
dclassifieds
|
dclassifieds
|
Cross-site request forgery (CSRF) vulnerability in admin/settings/update in DClassifieds 0.1 final allows remote attackers to hijack the authentication of administrators for requests that modify acco…
|
CWE-352
Origin Validation Error
|
CVE-2012-0990
|
2024-11-21 10:36 |
2012-02-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301800
|
- |
|
apache
|
struts
|
Multiple cross-site scripting (XSS) vulnerabilities in Apache Struts 1.3.10 allow remote attackers to inject arbitrary web script or HTML via (1) the name parameter to struts-examples/upload/upload-s…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1007
|
2024-11-21 10:36 |
2012-02-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
