|
289821
|
- |
|
vanillaforums
|
latestcomment
|
Cross-site scripting (XSS) vulnerability in the LatestComment plugin 1.1 for Vanilla Forums allows remote attackers to inject arbitrary web script or HTML via the discussion title.
|
CWE-79
Cross-site Scripting
|
CVE-2012-6555
|
2024-11-21 10:46 |
2013-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289822
|
- |
|
a51dev
|
activecollab_chat_module
|
functions/html_to_text.php in the Chat module before 1.5.2 for activeCollab allows remote authenticated users to execute arbitrary PHP code via the message[message_text] parameter to chat/add_messag,…
|
CWE-20
Improper Input Validation
|
CVE-2012-6554
|
2024-11-21 10:46 |
2013-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289823
|
- |
|
angusj
|
resource_hacker
|
Heap-based buffer overflow in Resource Hacker 3.6.0.92 allows remote attackers to execute arbitrary code via a Portable Executable (PE) file with a resource section containing a string that has many …
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-6553
|
2024-11-21 10:46 |
2013-05-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289824
|
- |
|
vercot
|
serva32
|
Buffer overflow in the TFTPD service in Serva32 2.1.0 allows remote attackers to cause a denial of service (daemon crash) or possibly execute arbitrary code via a long string in a read request.
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2013-0145
|
2024-11-21 10:46 |
2013-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289825
|
- |
|
microsoft
|
windows_essentials
|
Writer in Microsoft Windows Essentials 2011 and 2012 allows remote attackers to bypass proxy settings and overwrite arbitrary files via crafted URL parameters, aka "Windows Essentials Improper URI Ha…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0096
|
2024-11-21 10:46 |
2013-05-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289826
|
- |
|
phpvms
|
phpvms
|
Unspecified vulnerability in admin/action.php in phpVMS 2.1.x before 2.1.935 has unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2012-6552
|
2024-11-21 10:46 |
2013-05-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289827
|
- |
|
mcafee
|
epolicy_orchestrator
|
Directory traversal vulnerability in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to upload arbitrary files via a crafted request over the Agent-Serve…
|
CWE-22
Path Traversal
|
CVE-2013-0141
|
2024-11-21 10:46 |
2013-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289828
|
- |
|
mcafee
|
epolicy_orchestrator
|
SQL injection vulnerability in the Agent-Handler component in McAfee ePolicy Orchestrator (ePO) before 4.5.7 and 4.6.x before 4.6.6 allows remote attackers to execute arbitrary SQL commands via a cra…
|
CWE-89
SQL Injection
|
CVE-2013-0140
|
2024-11-21 10:46 |
2013-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289829
|
- |
|
ibm
|
lotus_notes
|
IBM Lotus Notes 8.x before 8.5.3 FP4 Interim Fix 1 and 9.0 before Interim Fix 1 does not block APPLET elements in HTML e-mail, which allows remote attackers to bypass intended restrictions on Java co…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2013-0127
|
2024-11-21 10:46 |
2013-05-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289830
|
- |
|
erik_michaels-ober
grape_project
|
multi_xml
grape
|
multi_xml gem 0.5.2 for Ruby, as used in Grape before 0.2.6 and possibly other products, does not properly restrict casts of string values, which allows remote attackers to conduct object-injection a…
|
CWE-20
Improper Input Validation
|
CVE-2013-0175
|
2024-11-21 10:46 |
2013-04-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
