|
290041
|
- |
|
opensolution
|
quick_cart quick_cms
|
Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2012-6430
|
2024-11-21 10:46 |
2014-03-25 |
|
290042
|
- |
|
mongodb
|
mongodb
|
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON obj…
|
CWE-20
Improper Input Validation
|
CVE-2012-6619
|
2024-11-21 10:46 |
2014-03-7 |
|
290043
|
- |
|
apache adobe
|
cordova phonegap
|
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanis…
|
CWE-20
Improper Input Validation
|
CVE-2012-6637
|
2024-11-21 10:46 |
2014-03-3 |
|
290044
|
- |
|
google
|
android_api
|
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6636
|
2024-11-21 10:46 |
2014-03-3 |
|
290045
|
- |
|
linux
|
linux_kernel
|
The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2012-6638
|
2024-11-21 10:46 |
2014-02-15 |
|
290046
|
- |
|
rapid7
|
nexpose
|
Cross-site request forgery (CSRF) vulnerability in Rapid7 Nexpose Security Console before 5.5.4 allows remote attackers to hijack the authentication of unspecified victims for requests that delete sc…
|
CWE-352
Origin Validation Error
|
CVE-2012-6493
|
2024-11-21 10:46 |
2014-02-5 |
|
290047
|
- |
|
splunk
|
splunk
|
Cross-site scripting (XSS) vulnerability in Splunk Web in Splunk 5.0.0 through 5.0.2 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2012-6447
|
2024-11-21 10:46 |
2014-01-24 |
|
290048
|
- |
|
kernel
|
util-linux
|
(a) mount and (b) umount in util-linux 2.14.1, 2.17.2, and probably other versions allow local users to determine the existence of restricted directories by (1) using the --guess-fstype command-line …
|
CWE-200
Information Exposure
|
CVE-2013-0157
|
2024-11-21 10:46 |
2014-01-22 |
|
290049
|
- |
|
wordpress
|
wordpress
|
wp-admin/includes/class-wp-posts-list-table.php in WordPress before 3.3.3 does not properly restrict excerpt-view access, which allows remote authenticated users to obtain sensitive information by vi…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6635
|
2024-11-21 10:46 |
2014-01-21 |
|
290050
|
- |
|
wordpress
|
wordpress
|
wp-admin/media-upload.php in WordPress before 3.3.3 allows remote attackers to obtain sensitive information or bypass intended media-attachment restrictions via a post_id value.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6634
|
2024-11-21 10:46 |
2014-01-21 |