|
290631
|
- |
|
redhat
|
jboss_enterprise_portal_platform
|
Cross-site request forgery (CSRF) vulnerability in the GateIn Portal component in JBoss Enterprise Portal Platform 5.2.2 and earlier allows remote attackers to hijack the authentication of unspecifie…
|
CWE-352
Origin Validation Error
|
CVE-2012-3532
|
2024-11-21 10:41 |
2013-04-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290632
|
- |
|
apache
|
http_server
|
Multiple cross-site scripting (XSS) vulnerabilities in the Apache HTTP Server 2.2.x before 2.2.24-dev and 2.4.x before 2.4.4 allow remote attackers to inject arbitrary web script or HTML via vectors …
|
CWE-79
Cross-site Scripting
|
CVE-2012-3499
|
2024-11-21 10:41 |
2013-02-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290633
|
- |
|
redhat
|
cloudforms
|
Pulp in Red Hat CloudForms before 1.1 logs administrative passwords in a world-readable file, which allows local users to read pulp administrative passwords by reading production.log.
|
CWE-255
Credentials Management
|
CVE-2012-3538
|
2024-11-21 10:41 |
2013-01-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290634
|
- |
|
openconstructor_project
|
openconstructor
|
Multiple SQL injection vulnerabilities in Open Constructor 3.12.0 allow remote authenticated users to execute arbitrary SQL commands via the id parameter to (1) data/gallery/edit.php, (2) data/guestb…
|
CWE-89
SQL Injection
|
CVE-2012-3873
|
2024-11-21 10:41 |
2012-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290635
|
- |
|
openconstructor_project
|
openconstructor
|
Multiple cross-site scripting (XSS) vulnerabilities in Open Constructor 3.12.0 allow remote attackers to inject arbitrary web script or HTML via (1) the result parameter to data/file/edit.php, (2) th…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3872
|
2024-11-21 10:41 |
2012-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290636
|
- |
|
openconstructor_project
|
openconstructor
|
Cross-site scripting (XSS) vulnerability in data/hybrid/i_hybrid.php in Open Constructor 3.12.0 allows remote authenticated users to inject arbitrary web script or HTML via the header parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-3871
|
2024-11-21 10:41 |
2012-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290637
|
- |
|
openconstructor_project
|
openconstructor
|
Multiple cross-site scripting (XSS) vulnerabilities in objects/createobject.php in Open Constructor 3.12.0 allow remote authenticated users to inject arbitrary web script or HTML via the (1) name or …
|
CWE-79
Cross-site Scripting
|
CVE-2012-3870
|
2024-11-21 10:41 |
2012-12-28 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290638
|
- |
|
apache
|
tomcat
|
org/apache/catalina/realm/RealmBase.java in Apache Tomcat 6.x before 6.0.36 and 7.x before 7.0.30, when FORM authentication is used, allows remote attackers to bypass security-constraint checks by le…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3546
|
2024-11-21 10:41 |
2012-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290639
|
- |
|
citrix
xen
|
xenserver
xen
|
The GNTTABOP_swap_grant_ref sub-operation in the grant table hypercall in Xen 4.2 and Citrix XenServer 6.0.2 allows local guest kernels or administrators to cause a denial of service (host crash) and…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3516
|
2024-11-21 10:41 |
2012-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290640
|
- |
|
xen
qemu
suse
opensuse
redhat
debian
canonical
|
xen
qemu
linux_enterprise_server
linux_enterprise_desktop
opensuse
linux_enterprise_software_development_kit
virtualization
enterprise_linux_server
enterprise_linux_workstatio…
|
Qemu, as used in Xen 4.0, 4.1 and possibly other products, when emulating certain devices with a virtual console backend, allows local OS guest users to gain privileges via a crafted escape VT100 seq…
|
CWE-20
Improper Input Validation
|
CVE-2012-3515
|
2024-11-21 10:41 |
2012-11-24 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
