| 291161 | - | breakingpointsystems | breakingpoint_storm_appliance_ctm breakingpoint_storm_appliance | The BreakingPoint Storm appliance before 3.0 requires cleartext credentials for establishing a session from a GUI administrative client, which allows remote attackers to obtain sensitive information … | CWE-20 Improper Input Validation | CVE-2012-2964 | 2024-11-21 10:40 | 2012-08-13 |
| 291162 | - | breakingpointsystems | breakingpoint_storm_appliance_ctm breakingpoint_storm_appliance | The administrative interface in the embedded web server on the BreakingPoint Storm appliance before 3.0 does not require authentication for the gwt/BugReport script, which allows remote attackers to … | CWE-287 Improper Authentication | CVE-2012-2963 | 2024-11-21 10:40 | 2012-08-13 |
| 291163 | - | pnp4nagios | pnp4nagios | PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-3457 | 2024-11-21 10:40 | 2012-08-12 |
| 291164 | - | oracle | database_server | SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors in… | CWE-89 SQL Injection | CVE-2012-3132 | 2024-11-21 10:40 | 2012-08-11 |
| 291165 | - | rubyonrails | ruby_on_rails rails | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 a… | CWE-79 Cross-site Scripting | CVE-2012-3465 | 2024-11-21 10:40 | 2012-08-10 |
| 291166 | - | rubyonrails | ruby_on_rails rails | Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow re… | CWE-79 Cross-site Scripting | CVE-2012-3464 | 2024-11-21 10:40 | 2012-08-10 |
| 291167 | - | rubyonrails | ruby_on_rails rails | Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attacker… | CWE-79 Cross-site Scripting | CVE-2012-3463 | 2024-11-21 10:40 | 2012-08-10 |
| 291168 | - | todd_miller redhat | sudo enterprise_linux | A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file. | CWE-59 Link Following | CVE-2012-3440 | 2024-11-21 10:40 | 2012-08-8 |
| 291169 | - | rubyonrails | ruby_on_rails rails | The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentic… | CWE-287 Improper Authentication | CVE-2012-3424 | 2024-11-21 10:40 | 2012-08-8 |
| 291170 | - | hp | arcsight_connector_appliance_firmware arcsight_connector_appliance arcsight_logger_appliance_firmware arcsight_logger_appliance | Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbit… | CWE-79 Cross-site Scripting | CVE-2012-2960 | 2024-11-21 10:40 | 2012-08-8 |