|
292461
|
- |
|
mediawiki
|
mediawiki
|
The resource loader in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 includes private data such as CSRF tokens in a JavaScript file, which allows remote attackers to obtain sensitive inform…
|
CWE-200
Information Exposure
|
CVE-2012-1579
|
2024-11-21 10:37 |
2012-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292462
|
- |
|
mediawiki
|
mediawiki
|
Multiple cross-site request forgery (CSRF) vulnerabilities in MediaWiki 1.17.x before 1.17.3 and 1.18.x before 1.18.2 allow remote attackers to hijack the authentication of users with the block permi…
|
CWE-352
Origin Validation Error
|
CVE-2012-1578
|
2024-11-21 10:37 |
2012-09-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292463
|
- |
|
vmware
|
workstation
player
fusion
view
esx
|
Untrusted search path vulnerability in VMware Tools in VMware Workstation before 8.0.4, VMware Player before 4.0.4, VMware Fusion before 4.1.2, VMware View before 5.1, and VMware ESX 4.1 before U3 an…
|
NVD-CWE-Other
|
CVE-2012-1666
|
2024-11-21 10:37 |
2012-09-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292464
|
- |
|
joomla
|
joomla\!
|
Cross-site scripting (XSS) vulnerability in the update manager in Joomla! 2.5.x before 2.5.4 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
|
CWE-79
Cross-site Scripting
|
CVE-2012-1612
|
2024-11-21 10:37 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292465
|
- |
|
joomla
|
joomla\!
|
Joomla! 2.5.x before 2.5.4 does not properly check permissions, which allows attackers to obtain sensitive "administrative back end" information via unknown attack vectors. NOTE: this might be a dup…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-1611
|
2024-11-21 10:37 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292466
|
- |
|
pkp
|
open_journal_systems
|
Multiple cross-site scripting (XSS) vulnerabilities in Open Journal Systems before 2.3.7 allow remote attackers and remote authenticated users to inject arbitrary web script or HTML via the (1) edito…
|
CWE-79
Cross-site Scripting
|
CVE-2012-1469
|
2024-11-21 10:37 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292467
|
- |
|
pkp
|
open_journal_systems
|
Incomplete blacklist vulnerability in Open Journal Systems before 2.3.7 allows remote authenticated users with the Author Role permission to execute arbitrary code by uploading a file with an executa…
|
NVD-CWE-Other
|
CVE-2012-1468
|
2024-11-21 10:37 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292468
|
- |
|
pkp
|
open_journal_systems
|
Multiple directory traversal vulnerabilities in the iBrowser plugin library, as used in Open Journal Systems before 2.3.7, allow remote authenticated users to (1) delete or (2) rename arbitrary files…
|
CWE-22
Path Traversal
|
CVE-2012-1467
|
2024-11-21 10:37 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292469
|
- |
|
scott_wheeler
|
taglib
|
Integer overflow in the mid function in toolkit/tbytevector.cpp in TagLib 1.7 and earlier allows context-dependent attackers to cause a denial of service (application crash) via a crafted file header…
|
CWE-189
Numeric Errors
|
CVE-2012-1584
|
2024-11-21 10:37 |
2012-09-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
292470
|
- |
|
coppermine-gallery
|
coppermine_photo_gallery
|
Coppermine Photo Gallery before 1.5.20 allows remote attackers to obtain sensitive information via (1) a direct request to plugins/visiblehookpoints/index.php, an invalid (2) page or (3) cat paramete…
|
CWE-200
Information Exposure
|
CVE-2012-1614
|
2024-11-21 10:37 |
2012-09-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
