|
296001
|
- |
|
joomla
|
joomla\!
|
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a dup…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1611
|
2024-11-21 10:37 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296002
|
- |
|
pkp
|
open_journal_systems
|
Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) edito…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1469
|
2024-11-21 10:37 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296003
|
- |
|
pkp
|
open_journal_systems
|
Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executa…
|
NVD-CWE-Other
|
CVE-2012-1468
|
2024-11-21 10:37 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296004
|
- |
|
pkp
|
open_journal_systems
|
Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files…
|
CWE-22
Path Traversal
|
CVE-2012-1467
|
2024-11-21 10:37 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296005
|
- |
|
scott_wheeler
|
taglib
|
Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header…
|
CWE-189
Numeric Errors
|
CVE-2012-1584
|
2024-11-21 10:37 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296006
|
- |
|
coppermine-gallery
|
coppermine_photo_gallery
|
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat paramete…
|
CWE-200
Information Exposure
|
CVE-2012-1614
|
2024-11-21 10:37 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296007
|
- |
|
coppermine-gallery
|
coppermine_photo_gallery
|
Cross-site scripting (XSS) vulnerability in edit_one_pic.php in Coppermine Photo Gallery before 1.5.20 allows remote authenticated users with certain privileges to inject arbitrary web script or HTML…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1613
|
2024-11-21 10:37 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296008
|
- |
|
typo3
|
typo3
|
The t3lib_div::RemoveXSS API method in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to bypass the cross-site scripting (XSS) protection …
|
CWE-20
Improper Input Validation
|
CVE-2012-1608
|
2024-11-21 10:37 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296009
|
- |
|
typo3
|
typo3
|
The Command Line Interface (CLI) script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request.
|
CWE-200
Information Exposure
|
CVE-2012-1607
|
2024-11-21 10:37 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
296010
|
- |
|
typo3
|
typo3
|
Multiple cross-site scripting (XSS) vulnerabilities in the Backend component in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allow remote authenticated backend …
|
CWE-79
Cross-site Scripting
|
CVE-2012-1606
|
2024-11-21 10:37 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
