| 289001 | - | google | authenticator | pam_google_authenticator.c in the PAM module in Google Authenticator before 1.0 requires user-readable permissions for the secret file, which allows local users to bypass intended access restrictions… | CWE-200 Information Exposure | CVE-2012-6140 | 2024-11-21 10:45 | 2013-04-24 |
| 289002 | - | ibm | tririga_application_platform | Multiple cross-site request forgery (CSRF) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to hijack the authentication of arbitrary users fo… | CWE-352 Origin Validation Error | CVE-2012-5950 | 2024-11-21 10:45 | 2013-04-23 |
| 289003 | - | ibm | tririga_application_platform | Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject content, and conduct phishing attacks, via vect… | CWE-79 Cross-site Scripting | CVE-2012-5949 | 2024-11-21 10:45 | 2013-04-23 |
| 289004 | - | ibm | tririga_application_platform | Multiple cross-site scripting (XSS) vulnerabilities in IBM TRIRIGA Application Platform 2.x and 3.x before 3.3, and 8, allow remote attackers to inject arbitrary web script or HTML via vectors involv… | CWE-79 Cross-site Scripting | CVE-2012-5948 | 2024-11-21 10:45 | 2013-04-23 |
| 289005 | - | apache | activemq | Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to Por… | CWE-79 Cross-site Scripting | CVE-2012-6092 | 2024-11-21 10:45 | 2013-04-22 |
| 289006 | - | xmlsoft opensuse | libxslt opensuse | libxslt before 1.1.28 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an (1) empty match attribute in a XSL key to the xsltAddKey function in keys.c or (… | NVD-CWE-Other | CVE-2012-6139 | 2024-11-21 10:45 | 2013-04-13 |
| 289007 | - | ibm | sterling_file_gateway gentran_integration_suite sterling_integrator sterling_b2b_integrator | Unspecified vulnerability in the CLA2 server in IBM Gentran Integration Suite 4.3, Sterling Integrator 5.0 and 5.1, and Sterling B2B Integrator 5.2, as used in IBM Sterling File Gateway 1.1 through 2… | NVD-CWE-noinfo | CVE-2012-5937 | 2024-11-21 10:45 | 2013-04-13 |
| 289008 | - | redhat | openstack_folsom openstack_essex | Red Hat OpenStack Essex and Folsom creates the /var/log/puppet directory with world-readable permissions, which allows local users to obtain sensitive information such as Puppet log files. | CWE-264 Permissions, Privileges, and Access Controls | CVE-2012-6120 | 2024-11-21 10:45 | 2013-04-11 |
| 289009 | - | omniauth-oauth2_project | omniauth-oauth2 | Cross-site request forgery (CSRF) vulnerability in the omniauth-oauth2 gem 1.1.1 and earlier for Ruby allows remote attackers to hijack the authentication of users for requests that modify session st… | CWE-352 Origin Validation Error | CVE-2012-6134 | 2024-11-21 10:45 | 2013-04-10 |
| 289010 | - | fedorahosted | cronie | File descriptor leak in cronie 1.4.8, when running in certain environments, might allow local users to read restricted files, as demonstrated by reading /etc/crontab. | CWE-200 Information Exposure | CVE-2012-6097 | 2024-11-21 10:45 | 2013-04-10 |