|
291471
|
9.8 |
CRITICAL
Network
|
golang
|
go
|
golang/go in 1.0.2 fixes all.bash on shared machines. dotest() in src/pkg/debug/gosym/pclntab_test.go creates a temporary file with predicable name and executes it as shell script.
|
-
|
CVE-2012-2666
|
2024-11-21 10:39 |
2021-07-9 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291472
|
8.8 |
HIGH
Network
|
axous
|
axous
|
Multiple cross-site request forgery (CSRF) and cross-site scripting (XSS) vulnerabilities in Axous 1.1.1 and earlier allow remote attackers to hijack the authentication of administrators for requests…
|
CWE-352
Origin Validation Error
|
CVE-2012-2629
|
2024-11-21 10:39 |
2020-02-20 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291473
|
6.1 |
MEDIUM
Network
|
prestashop
|
prestashop
|
Cross-site scripting (XSS) vulnerability in PrestaShop before 1.4.9 allows remote attackers to inject arbitrary web script or HTML via the index of the product[] parameter to ajax.php.
|
CWE-79
Cross-site Scripting
|
CVE-2012-2517
|
2024-11-21 10:39 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291474
|
6.1 |
MEDIUM
Network
|
pragmamx
|
pragmamx
|
Multiple cross-site scripting (XSS) vulnerabilities in pragmaMx 1.x before 1.12.2 allow remote attackers to inject arbitrary web script or HTML via the (1) name parameter to modules.php or (2) img_ur…
|
CWE-79
Cross-site Scripting
|
CVE-2012-2452
|
2024-11-21 10:39 |
2020-02-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291475
|
6.1 |
MEDIUM
Network
|
atmail
|
atmail
|
Cross-site scripting (XSS) vulnerability in the administrative interface in Atmail Webmail Server 6.4 allows remote attackers to inject arbitrary web script or HTML via the Date field of an email.
|
CWE-79
Cross-site Scripting
|
CVE-2012-2593
|
2024-11-21 10:39 |
2020-02-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291476
|
7.2 |
HIGH
Network
|
tinywebgallery
|
tinywebgallery
|
PHP code injection in TinyWebGallery before 1.8.8 allows remote authenticated users with admin privileges to inject arbitrary code into the .htusers.php file.
|
CWE-74
Injection
|
CVE-2012-2931
|
2024-11-21 10:39 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291477
|
5.3 |
MEDIUM
Network
|
md-systems
|
simplenews
|
The Simplenews module 6.x-1.x before 6.x-1.4, 6.x-2.x before 6.x-2.0-alpha4, and 7.x-1.x before 7.x-1.0-rc1 for Drupal reveals the email addresses of new mailing list subscribers when confirmation is…
|
CWE-200
Information Exposure
|
CVE-2012-2724
|
2024-11-21 10:39 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291478
|
9.8 |
CRITICAL
Network
|
browserid_project
|
browserid
|
The BrowserID (Mozilla Persona) module 7.x-1.x before 7.x-1.3 for Drupal allows remote attackers to hijack the authentication of arbitrary users via the audience identifier.
|
CWE-287
Improper Authentication
|
CVE-2012-2714
|
2024-11-21 10:39 |
2020-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291479
|
4.4 |
MEDIUM
Local
|
gnome
debian
canonical
opensuse
|
networkmanager
debian_linux
ubuntu_linux
opensuse
|
In NetworkManager 0.9.2.0, when a new wireless network was created with WPA/WPA2 security in AdHoc mode, it created an open/insecure network.
|
CWE-306
Missing Authentication for Critical Function
|
CVE-2012-2736
|
2024-11-21 10:39 |
2019-12-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291480
|
7.5 |
HIGH
Network
|
talend
|
restlet
|
An XML eXternal Entity (XXE) issue exists in Restlet 1.1.10 in an endpoint using XML transport, which lets a remote attacker obtain sensitive information.
|
CWE-611
XXE
|
CVE-2012-2656
|
2024-11-21 10:39 |
2019-12-19 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
