|
290441
|
- |
|
php
canonical
debian
|
php
ubuntu_linux
debian_linux
|
The sapi_header_op function in main/SAPI.c in PHP 5.4.0RC2 through 5.4.0 does not properly determine a pointer during checks for %0D sequences (aka carriage return characters), which allows remote at…
|
CWE-20
Improper Input Validation
|
CVE-2012-4388
|
2024-11-21 10:42 |
2012-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290442
|
- |
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.1 allow remote attackers to inject arbitrary web script or HTML via the (1) calendar displayname to part.choosecalendar.rowf…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4397
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290443
|
- |
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in index.php in ownCloud before 4.0.3 allows remote attackers to inject arbitrary web script or HTML via the redirect_url parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4395
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290444
|
- |
|
owncloud
|
owncloud
|
Multiple cross-site scripting (XSS) vulnerabilities in ownCloud before 4.0.2 allow remote attackers to inject arbitrary web script or HTML via the (1) file names to apps/user_ldap/settings.php; (2) u…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4396
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290445
|
- |
|
owncloud
|
owncloud
|
Cross-site scripting (XSS) vulnerability in apps/files/js/filelist.js in ownCloud before 4.0.5 allows remote attackers to inject arbitrary web script or HTML via the file parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4394
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290446
|
- |
|
owncloud
|
owncloud
|
Multiple cross-site request forgery (CSRF) vulnerabilities in ownCloud before 4.0.6 allow remote attackers to hijack the authentication of arbitrary users for requests that use (1) addBookmark.php, (…
|
CWE-352
Origin Validation Error
|
CVE-2012-4393
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290447
|
- |
|
owncloud
|
owncloud
|
index.php in ownCloud 4.0.7 does not properly validate the oc_token cookie, which allows remote attackers to bypass authentication via a crafted oc_token cookie value.
|
CWE-287
Improper Authentication
|
CVE-2012-4392
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290448
|
- |
|
owncloud
|
owncloud
|
Cross-site request forgery (CSRF) vulnerability in core/ajax/appconfig.php in ownCloud before 4.0.7 allows remote attackers to hijack the authentication of administrators for requests that edit the a…
|
CWE-352
Origin Validation Error
|
CVE-2012-4391
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290449
|
- |
|
owncloud
|
owncloud
|
(1) apps/calendar/appinfo/remote.php and (2) apps/contacts/appinfo/remote.php in ownCloud before 4.0.7 allows remote authenticated users to enumerate the registered users via unspecified vectors.
|
CWE-200
Information Exposure
|
CVE-2012-4390
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290450
|
- |
|
owncloud
|
owncloud
|
Incomplete blacklist vulnerability in lib/migrate.php in ownCloud before 4.0.7 allows remote attackers to execute arbitrary code by uploading a crafted .htaccess file in an import.zip file and access…
|
NVD-CWE-Other
|
CVE-2012-4389
|
2024-11-21 10:42 |
2012-09-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
