|
288801
|
- |
|
typo3
|
typo3
|
The Backend History Module in TYPO3 4.5.x before 4.5.21, 4.6.x before 4.6.14, and 4.7.x before 4.7.6 does not properly restrict access, which allows remote authenticated editors to read the history o…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6146
|
2024-11-21 10:45 |
2014-05-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288802
|
- |
|
cisco
|
ios_xe
asr_1001
asr_1002
asr_1002-x
asr_1002_fixed_router
asr_1004
asr_1006
asr_1013
asr_1023_router
|
Cisco ASR 1000 devices with software before 3.8S, when BDI routing is enabled, allow remote attackers to cause a denial of service (device reload) via crafted (1) broadcast or (2) multicast ICMP pack…
|
CWE-20
Improper Input Validation
|
CVE-2012-5723
|
2024-11-21 10:45 |
2014-04-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288803
|
- |
|
roundup-tracker
|
roundup
|
Cross-site scripting (XSS) vulnerability in cgi/client.py in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the @action parameter to support/issue1.
|
CWE-79
Cross-site Scripting
|
CVE-2012-6131
|
2024-11-21 10:45 |
2014-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288804
|
- |
|
roundup-tracker
|
roundup
|
Cross-site scripting (XSS) vulnerability in the history display in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via a username, related to generating a link.
|
CWE-79
Cross-site Scripting
|
CVE-2012-6130
|
2024-11-21 10:45 |
2014-04-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288805
|
- |
|
roundup-tracker
|
roundup
|
Cross-site scripting (XSS) vulnerability in Roundup before 1.4.20 allows remote attackers to inject arbitrary web script or HTML via the otk parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-6132
|
2024-11-21 10:45 |
2014-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288806
|
- |
|
theforeman
|
foreman
|
Multiple SQL injection vulnerabilities in Foreman before 1.0.2 allow remote attackers to execute arbitrary SQL commands via unspecified parameters to (1) app/models/hostext/search.rb or (2) app/model…
|
CWE-89
SQL Injection
|
CVE-2012-5648
|
2024-11-21 10:45 |
2014-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288807
|
- |
|
apache
|
couchdb
|
Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via …
|
CWE-79
Cross-site Scripting
|
CVE-2012-5650
|
2024-11-21 10:45 |
2014-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288808
|
- |
|
apache
mochiweb_project
|
couchdb
mochiweb
|
Directory traversal vulnerability in the partition2 function in mochiweb_util.erl in MochiWeb before 2.4.0, as used in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1, allows …
|
CWE-22
Path Traversal
|
CVE-2012-5641
|
2024-11-21 10:45 |
2014-03-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288809
|
- |
|
imagecms
|
imagecms
|
SQL injection vulnerability in ImageCMS before 4.2 allows remote authenticated administrators to execute arbitrary SQL commands via the q parameter to admin/admin_search/. NOTE: this can be leverage…
|
CWE-89
SQL Injection
|
CVE-2012-6290
|
2024-11-21 10:45 |
2014-03-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288810
|
- |
|
hp
|
linux_imaging_and_printing_project
|
HP Linux Imaging and Printing (HPLIP) before 3.13.2 uses world-writable permissions for /var/log/hp and /var/log/hp/tmp, which allows local users to delete log files via standard filesystem operation…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6108
|
2024-11-21 10:45 |
2014-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
