|
291851
|
- |
|
hypermethod
|
elearning_server
|
PHP remote file inclusion vulnerability in admin/setup.inc.php in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary PHP code via a URL in the path parameter.
|
CWE-94
Code Injection
|
CVE-2012-2924
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291852
|
- |
|
hypermethod
|
elearning_server
|
SQL injection vulnerability in news.php4 in Hypermethod eLearning Server 4G allows remote attackers to execute arbitrary SQL commands via the nid parameter.
|
CWE-89
SQL Injection
|
CVE-2012-2923
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291853
|
- |
|
drupal
|
drupal
|
The request_path function in includes/bootstrap.inc in Drupal 7.14 and earlier allows remote attackers to obtain sensitive information via the q[] parameter to index.php, which reveals the installati…
|
CWE-200
Information Exposure
|
CVE-2012-2922
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291854
|
- |
|
mark_pilgrim
|
feedparser
|
Universal Feed Parser (aka feedparser or python-feedparser) before 5.1.2 allows remote attackers to cause a denial of service (memory consumption) via a crafted XML ENTITY declaration in a non-ASCII …
|
CWE-399
Resource Management Errors
|
CVE-2012-2921
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291855
|
- |
|
user_photo
|
user_photo
|
Cross-site scripting (XSS) vulnerability in the userphoto_options_page function in user-photo.php in the User Photo plugin before 0.9.5.2 for WordPress allows remote attackers to inject arbitrary web…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2920
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291856
|
- |
|
chevereto
|
chevereto
|
Directory traversal vulnerability in Upload/engine.php in Chevereto 1.9.1 allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in the v parameter.
|
CWE-22
Path Traversal
|
CVE-2012-2919
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291857
|
- |
|
chevereto
|
chevereto
|
Cross-site scripting (XSS) vulnerability in Upload/engine.php in Chevereto 1.91 allows remote attackers to inject arbitrary web script or HTML via the v parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-2918
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291858
|
- |
|
hp
|
business_service_management
|
HP Business Service Management (BSM) 9.12 does not properly restrict the uploading of .war files, which allows remote attackers to execute arbitrary JSP code within the JBOSS Application Server compo…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-2561
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291859
|
- |
|
andrew_killen
|
share_and_follow
|
Cross-site scripting (XSS) vulnerability in the Share and Follow plugin 1.80.3 for WordPress allows remote attackers to inject arbitrary web script or HTML via the CDN API Key (cnd-key) in a share-an…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2917
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291860
|
- |
|
dlo
|
simple_anti_bot_registration_engine_plugin
|
Cross-site scripting (XSS) vulnerability in sabre_class_admin.php in the SABRE plugin before 2.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the active_option par…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2916
|
2024-11-21 10:39 |
2012-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
