|
291901
|
- |
|
maian
menalto
|
gallery
|
Gallery 2 before 2.3.2 and 3 before 3.0.3 does not properly implement encryption, which has unspecified impact and attack vectors, a different vulnerability than CVE-2012-1113.
|
CWE-310
Cryptographic Issues
|
CVE-2012-2405
|
2024-11-21 10:39 |
2012-04-23 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291902
|
- |
|
wordpress
|
wordpress
|
wp-comments-post.php in WordPress before 3.3.2 supports offsite redirects, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2012-2404
|
2024-11-21 10:39 |
2012-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291903
|
- |
|
wordpress
|
wordpress
|
wp-includes/formatting.php in WordPress before 3.3.2 attempts to enable clickable links inside attributes, which makes it easier for remote attackers to conduct cross-site scripting (XSS) attacks via…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2403
|
2024-11-21 10:39 |
2012-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291904
|
- |
|
wordpress
|
wordpress
|
wp-admin/plugins.php in WordPress before 3.3.2 allows remote authenticated site administrators to bypass intended access restrictions and deactivate network-wide plugins via unspecified vectors.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2402
|
2024-11-21 10:39 |
2012-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291905
|
- |
|
moxiecode
wordpress
|
plupload
wordpress
|
Plupload before 1.5.4, as used in wp-includes/js/plupload/ in WordPress before 3.3.2 and other products, enables scripting regardless of the domain from which the SWF content was loaded, which allows…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2401
|
2024-11-21 10:39 |
2012-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291906
|
- |
|
wordpress
|
wordpress
|
Unspecified vulnerability in wp-includes/js/swfobject.js in WordPress before 3.3.2 has unknown impact and attack vectors.
|
NVD-CWE-noinfo
|
CVE-2012-2400
|
2024-11-21 10:39 |
2012-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291907
|
- |
|
wordpress
|
wordpress
|
Cross-site scripting (XSS) vulnerability in swfupload.swf in SWFupload 2.2.0.1 and earlier, as used in WordPress before 3.5.2, TinyMCE Image Manager 1.1 and earlier, and other products allows remote …
|
NVD-CWE-noinfo
|
CVE-2012-2399
|
2024-11-21 10:39 |
2012-04-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291908
|
- |
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in files/ajax/download.php in ownCloud before 3.0.3 allows remote attackers to inject arbitrary web script or HTML via the files parameter, a different vulner…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2398
|
2024-11-21 10:39 |
2012-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291909
|
- |
|
owncloud
|
owncloud
|
Cross-site request forgery (CSRF) vulnerability in ownCloud before 3.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that insert cross-site scripting (XSS) se…
|
CWE-352
Origin Validation Error
|
CVE-2012-2397
|
2024-11-21 10:39 |
2012-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291910
|
- |
|
videolan
|
vlc_media_player
|
VideoLAN VLC media player 2.0.1 allows remote attackers to cause a denial of service (divide-by-zero error and application crash) via a crafted MP4 file.
|
NVD-CWE-Other
|
CVE-2012-2396
|
2024-11-21 10:39 |
2012-04-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
