|
290191
|
- |
|
layton_technology
|
helpbox
|
selectawasset.asp in Layton Helpbox 4.4.0 allows remote attackers to discover ODBC database credentials via an element=sys_asset_id request, which is not properly handled during construction of an er…
|
CWE-200
Information Exposure
|
CVE-2012-4976
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290192
|
- |
|
layton_technology
|
helpbox
|
editrequestuser.asp in Layton Helpbox 4.4.0 allows remote authenticated users to change arbitrary support-ticket data via a modified sys_request_id parameter.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4975
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290193
|
- |
|
laytontechnology
|
helpbox
|
Layton Helpbox 4.4.0 allows remote authenticated users to change the login context and gain privileges via a modified (1) loggedinenduser, (2) loggedinendusername, (3) loggedinuserusergroup, (4) logg…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4974
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290194
|
- |
|
layton_technology
|
helpbox
|
Multiple cross-site scripting (XSS) vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to inject arbitrary web script or HTML via the (1) sys_solution_id, (2) sys_requesttype_id, (3) sys_…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4972
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290195
|
- |
|
microsoft
|
exchange_server
|
Microsoft Exchange Server 2007 SP3 and 2010 SP1 and SP2 allows remote authenticated users to cause a denial of service (Information Store service hang) by subscribing to a crafted RSS feed, aka "RSS …
|
CWE-94
Code Injection
|
CVE-2012-4791
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290196
|
- |
|
microsoft
|
internet_explorer
|
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not proper…
|
CWE-399
Resource Management Errors
|
CVE-2012-4787
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290197
|
- |
|
microsoft
|
windows_xp
windows_server_2008
windows_7
windows_server_2003
windows_vista
|
The kernel-mode drivers in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2, R2, and R2 SP1, Windows 7 Gold and SP1, Windows 8, Windows Server 201…
|
CWE-94
Code Injection
|
CVE-2012-4786
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290198
|
- |
|
microsoft
|
internet_explorer
|
Use-after-free vulnerability in Microsoft Internet Explorer 9 and 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "CMarkup Us…
|
CWE-399
Resource Management Errors
|
CVE-2012-4782
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290199
|
- |
|
layton_technology
|
helpbox
|
Multiple SQL injection vulnerabilities in Layton Helpbox 4.4.0 allow remote attackers to execute arbitrary SQL commands via the (1) reqclass parameter to editrequestenduser.asp; the (2) sys_request_i…
|
CWE-89
SQL Injection
|
CVE-2012-4971
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290200
|
- |
|
microsoft
|
internet_explorer
|
Use-after-free vulnerability in Microsoft Internet Explorer 6 through 10 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to a deleted object, aka "Inject…
|
CWE-94
Code Injection
|
CVE-2012-4781
|
2024-11-21 10:43 |
2012-12-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
