|
291331
|
- |
|
pnp4nagios
|
pnp4nagios
|
PNP4Nagios 0.6 through 0.6.16 uses world-readable permissions for process_perfdata.cfg, which allows local users to obtain the Gearman shared secret by reading the file.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3457
|
2024-11-21 10:40 |
2012-08-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291332
|
- |
|
oracle
|
database_server
|
SQL injection vulnerability in Oracle Database Server 10.2.0.3, 10.2.0.4, 10.2.0.5, 11.1.0.7, 11.2.0.2, and 11.2.0.3 allows remote authenticated users to execute arbitrary SQL commands via vectors in…
|
CWE-89
SQL Injection
|
CVE-2012-3132
|
2024-11-21 10:40 |
2012-08-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291333
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/sanitize_helper.rb in the strip_tags helper in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 a…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3465
|
2024-11-21 10:40 |
2012-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291334
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
Cross-site scripting (XSS) vulnerability in activesupport/lib/active_support/core_ext/string/output_safety.rb in Ruby on Rails before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 might allow re…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3464
|
2024-11-21 10:40 |
2012-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291335
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
Cross-site scripting (XSS) vulnerability in actionpack/lib/action_view/helpers/form_tag_helper.rb in Ruby on Rails 3.x before 3.0.17, 3.1.x before 3.1.8, and 3.2.x before 3.2.8 allows remote attacker…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3463
|
2024-11-21 10:40 |
2012-08-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291336
|
- |
|
todd_miller
redhat
|
sudo
enterprise_linux
|
A certain Red Hat script for sudo 1.7.2 on Red Hat Enterprise Linux (RHEL) 5 allows local users to overwrite arbitrary files via a symlink attack on the /var/tmp/nsswitch.conf.bak temporary file.
|
CWE-59
Link Following
|
CVE-2012-3440
|
2024-11-21 10:40 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291337
|
- |
|
rubyonrails
|
ruby_on_rails
rails
|
The decode_credentials method in actionpack/lib/action_controller/metal/http_authentication.rb in Ruby on Rails 3.x before 3.0.16, 3.1.x before 3.1.7, and 3.2.x before 3.2.7 converts Digest Authentic…
|
CWE-287
Improper Authentication
|
CVE-2012-3424
|
2024-11-21 10:40 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291338
|
- |
|
hp
|
arcsight_connector_appliance_firmware
arcsight_connector_appliance
arcsight_logger_appliance_firmware
arcsight_logger_appliance
|
Cross-site scripting (XSS) vulnerability in the import functionality in HP ArcSight Connector appliance 6.2.0.6244.0 and ArcSight Logger appliance 5.2.0.6288.0 allows remote attackers to inject arbit…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2960
|
2024-11-21 10:40 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291339
|
- |
|
redhat
|
libvirt
|
The virTypedParameterArrayClear function in libvirt 0.9.13 does not properly handle virDomain* API calls with typed parameters, which might allow remote authenticated users to cause a denial of servi…
|
CWE-399
Resource Management Errors
|
CVE-2012-3445
|
2024-11-21 10:40 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291340
|
- |
|
graphicsmagick
|
graphicsmagick
|
The Magick_png_malloc function in coders/png.c in GraphicsMagick 6.7.8-6 does not use the proper variable type for the allocation size, which might allow remote attackers to cause a denial of service…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-3438
|
2024-11-21 10:40 |
2012-08-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
