| 290681 | - | havalite | cms | Havalite CMS 1.1.0 and earlier stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the configuration database via a direct requ… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-5892 | 2024-11-21 10:45 | 2012-11-18 |
| 290682 | - | dalbum | dalbum | Multiple cross-site request forgery (CSRF) vulnerabilities in photo/pass.php in DAlbum 1.44 build 174 and earlier allow remote attackers to hijack the authentication of administrators for requests th… | CWE-352 Origin Validation Error | CVE-2012-5891 | 2024-11-21 10:45 | 2012-11-18 |
| 290683 | - | stanislas_rolland | sr_feuser_register | The Front End User Registration (sr_feuser_register) extension before 2.6.2 for TYPO3 allows remote attackers to obtain user names and passwords via the (1) edit perspective or (2) autologin feature. | CWE-200 Information Exposure | CVE-2012-5890 | 2024-11-21 10:45 | 2012-11-18 |
| 290684 | - | alex_kellner | powermail | Cross-site scripting (XSS) vulnerability in the powermail extension before 1.6.5 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-site Scripting | CVE-2012-5889 | 2024-11-21 10:45 | 2012-11-18 |
| 290685 | - | benjamin_mack | seo_basics | Cross-site scripting (XSS) vulnerability in Basic SEO Features (seo_basics) extension before 0.8.2 for TYPO3 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-site Scripting | CVE-2012-5888 | 2024-11-21 10:45 | 2012-11-18 |
| 290686 | - | apache | tomcat | The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 does not properly check for stale nonce values in conjunction with … | CWE-287 Improper Authentication | CVE-2012-5887 | 2024-11-21 10:45 | 2012-11-18 |
| 290687 | - | apache | tomcat | The HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 caches information about the authenticated user within the session … | CWE-287 Improper Authentication | CVE-2012-5886 | 2024-11-21 10:45 | 2012-11-18 |
| 290688 | - | apache | tomcat | The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce (aka clien… | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-5885 | 2024-11-21 10:45 | 2012-11-18 |
| 290689 | - | uk-cookie_project | uk-cookie | Cross-site scripting (XSS) vulnerability in the Uk Cookie (aka uk-cookie) plugin for WordPress allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | CWE-79 Cross-site Scripting | CVE-2012-5856 | 2024-11-21 10:45 | 2012-11-18 |
| 290690 | - | mozilla | bugzilla | The User.get method in Bugzilla/WebService/User.pm in Bugzilla 4.3.2 allows remote attackers to obtain sensitive information about the saved searches of arbitrary users via an XMLRPC request or a JSO… | CWE-200 Information Exposure | CVE-2012-5884 | 2024-11-21 10:45 | 2012-11-16 |