|
301831
|
9.8 |
CRITICAL
Network
|
apache
|
cxf
|
The WS-SP UsernameToken policy in Apache CXF 2.4.5 and 2.5.1 allows remote attackers to bypass authentication by sending an empty UsernameToken as part of a SOAP request.
|
CWE-287
Improper Authentication
|
CVE-2012-0803
|
2024-11-21 10:35 |
2017-08-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301832
|
- |
|
postfix
|
postfix
|
Multiple SQL injection vulnerabilities in Postfix Admin (aka postfixadmin) before 2.3.5 allow remote authenticated users to execute arbitrary SQL commands via (1) the pw parameter to the pacrypt func…
|
CWE-89
SQL Injection
|
CVE-2012-0811
|
2024-11-21 10:35 |
2014-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301833
|
- |
|
opensuse
systemd_project
|
opensuse
systemd
|
The session_link_x11_socket function in login/logind-session.c in systemd-logind in systemd, possibly 37 and earlier, allows local users to create or overwrite arbitrary files via a symlink attack on…
|
CWE-59
Link Following
|
CVE-2012-0871
|
2024-11-21 10:35 |
2014-04-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301834
|
- |
|
puppet
|
puppet_enterprise
puppet_dashboard
|
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2012-0891
|
2024-11-21 10:35 |
2014-03-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301835
|
- |
|
systemtap
|
systemtap
|
SystemTap 1.7, 1.6.7, and probably other versions, when unprivileged mode is enabled, allows local users to obtain sensitive information from kernel memory or cause a denial of service (kernel panic …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0875
|
2024-11-21 10:35 |
2014-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301836
|
- |
|
redhat
augeas
|
enterprise_linux
augeas
|
The clone_file function in transfer.c in Augeas before 1.0.0, when copy_if_rename_fails is set and EXDEV or EBUSY is returned by the rename function, allows local users to overwrite arbitrary files a…
|
NVD-CWE-noinfo
|
CVE-2012-0787
|
2024-11-21 10:35 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301837
|
- |
|
augeas
|
augeas
|
The transform_save function in transform.c in Augeas before 1.0.0 allows local users to overwrite arbitrary files and obtain sensitive information via a symlink attack on a .augnew file.
|
CWE-59
Link Following
|
CVE-2012-0786
|
2024-11-21 10:35 |
2013-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301838
|
- |
|
drupal
|
drupal
|
The File module in Drupal 7.x before 7.11, when using unspecified field access modules, allows remote authenticated users to read arbitrary private files that are associated with restricted fields vi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-0827
|
2024-11-21 10:35 |
2013-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301839
|
- |
|
drupal
|
drupal
|
Cross-site request forgery (CSRF) vulnerability in the Aggregator module in Drupal 6.x before 6.23 and 7.x before 7.11 allows remote attackers to hijack the authentication of unspecified victims for …
|
CWE-352
Origin Validation Error
|
CVE-2012-0826
|
2024-11-21 10:35 |
2013-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
301840
|
- |
|
drupal
|
drupal
|
Drupal 6.x before 6.23 and 7.x before 7.11 does not verify that Attribute Exchange (AX) information is signed, which allows remote attackers to modify potentially sensitive AX information without det…
|
CWE-200
Information Exposure
|
CVE-2012-0825
|
2024-11-21 10:35 |
2013-10-29 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
