|
291931
|
7.5 |
HIGH
Network
|
tryton
|
trytond
|
trytond 2.4: ModelView.button fails to validate authorization
|
CWE-863
Incorrect Authorization
|
CVE-2012-2238
|
2024-11-21 10:38 |
2019-11-21 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291932
|
9.8 |
CRITICAL
Network
|
ibm
|
xiv_storage_system_2810-a14_firmware
xiv_storage_system_2812-a14_firmware
xiv_storage_system_2810-114_firmware
xiv_storage_system_2812-114_firmware
|
IBM XIV Storage System 2810-A14 and 2812-A14 devices before level 10.2.4.e-2 and 2810-114 and 2812-114 devices before level 11.1.1 have hardcoded passwords for unspecified accounts, which allows remo…
|
CWE-798
Use of Hard-coded Credentials
|
CVE-2012-2166
|
2024-11-21 10:38 |
2018-02-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291933
|
- |
|
sgi
|
xfsprogs
|
xfs_metadump in xfsprogs before 3.2.4 does not properly obfuscate file data, which allows remote attackers to obtain sensitive information by reading a generated image.
|
CWE-200
Information Exposure
|
CVE-2012-2150
|
2024-11-21 10:38 |
2015-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291934
|
- |
|
simple_php_agenda_project
|
simple_php_agenda
|
Multiple cross-site request forgery (CSRF) vulnerabilities in Simple PHP Agenda 2.2.8 and earlier allow remote attackers to hijack the authentication of administrators for requests that (1) add an ad…
|
CWE-352
Origin Validation Error
|
CVE-2012-1978
|
2024-11-21 10:38 |
2015-05-22 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291935
|
- |
|
ubercart
|
ubercart
|
The Ubercart module 6.x-2.x before 6.x-2.8 for Drupal allows remote authenticated users with the "administer product classes" permission to execute arbitrary PHP code via unspecified vectors.
|
CWE-94
Code Injection
|
CVE-2012-2301
|
2024-11-21 10:38 |
2014-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291936
|
- |
|
adobe
|
photoshop_cs5
photoshop_cs5.1
|
Stack-based buffer overflow in the U3D.8BI library plugin in Adobe Photoshop CS5 12.x before 12.0.5 and CS5.1 12.1.x before 12.1.1 allows remote attackers to execute arbitrary code via a long Collada…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-2052
|
2024-11-21 10:38 |
2014-06-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291937
|
- |
|
fedoraproject
david_paleino
|
fedora
wicd
|
The SetWiredProperty function in the D-Bus interface in WICD before 1.7.2 allows local users to write arbitrary configuration settings and gain privileges via a crafted property name in a dbus messag…
|
CWE-20
Improper Input Validation
|
CVE-2012-2095
|
2024-11-21 10:38 |
2014-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291938
|
- |
|
martin_nagy
|
bind-dyndb-ldap
|
The handle_connection_error function in ldap_helper.c in bind-dyndb-ldap before 1.1.0rc1 does not properly handle LDAP query errors, which allows remote attackers to cause a denial of service (infini…
|
CWE-399
Resource Management Errors
|
CVE-2012-2134
|
2024-11-21 10:38 |
2014-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291939
|
- |
|
standards_based_linux_instrumentation_project
opensuse
|
standards-based_linux_common_information_model_client
opensuse
|
internal/cimxml/sax/NodeFactory.java in Standards-Based Linux Instrumentation for Manageability (SBLIM) Common Information Model (CIM) Client (aka sblim-cim-client2) before 2.1.12 computes hash value…
|
CWE-310
Cryptographic Issues
|
CVE-2012-2328
|
2024-11-21 10:38 |
2014-02-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291940
|
- |
|
csounds
|
csound
|
Stack-based buffer overflow in the main function in util/lpci_main.c in Csound before 5.17.2, when converting a file, allows user-assisted remote attackers to execute arbitrary code via a crafted fil…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-2108
|
2024-11-21 10:38 |
2014-02-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
