|
288591
|
- |
|
clip-bucket
|
clipbucket
|
Multiple SQL injection vulnerabilities in the update_counter function in includes/functions.php in ClipBucket 2.6 allow remote attackers to execute arbitrary SQL commands via the time parameter to (1…
|
CWE-89
SQL Injection
|
CVE-2012-6643
|
2024-11-21 10:46 |
2014-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288592
|
- |
|
clip-bucket
|
clipbucket
|
Cross-site scripting (XSS) vulnerability in ClipBucket 2.6 allows remote attackers to inject arbitrary web script or HTML via the type parameter to view_channel.php. NOTE: the provenance of this inf…
|
CWE-79
Cross-site Scripting
|
CVE-2012-6642
|
2024-11-21 10:46 |
2014-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288593
|
- |
|
prestashop
|
prestashop
|
Cross-site scripting (XSS) vulnerability in redirect.php in the Socolissimo module (modules/socolissimo/) in PrestaShop before 1.4.7.2 allows remote attackers to inject arbitrary web script or HTML v…
|
CWE-79
Cross-site Scripting
|
CVE-2012-6641
|
2024-11-21 10:46 |
2014-04-8 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288594
|
- |
|
horde
|
groupware
imp
|
Cross-site scripting (XSS) vulnerability in Horde Internet Mail Program (IMP) before 5.0.22, as used in Horde Groupware Webmail Edition before 4.0.9, allows remote attackers to inject arbitrary web s…
|
CWE-79
Cross-site Scripting
|
CVE-2012-6640
|
2024-11-21 10:46 |
2014-04-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288595
|
- |
|
samsung
|
kies
|
Buffer overflow in the PrepareSync method in the SyncService.dll ActiveX control in Samsung Kies before 2.5.1.12123_2_7 allows remote attackers to execute arbitrary code via a long string to the pass…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-6429
|
2024-11-21 10:46 |
2014-04-4 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288596
|
- |
|
opensolution
|
quick_cart
quick_cms
|
Cross-site scripting (XSS) vulnerability in Open Solution Quick.Cms 5.0 and Quick.Cart 6.0, possibly as downloaded before December 19, 2012, allows remote attackers to inject arbitrary web script or …
|
CWE-79
Cross-site Scripting
|
CVE-2012-6430
|
2024-11-21 10:46 |
2014-03-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288597
|
- |
|
mongodb
|
mongodb
|
The default configuration for MongoDB before 2.3.2 does not validate objects, which allows remote authenticated users to cause a denial of service (crash) or read system memory via a crafted BSON obj…
|
CWE-20
Improper Input Validation
|
CVE-2012-6619
|
2024-11-21 10:46 |
2014-03-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288598
|
- |
|
apache
adobe
|
cordova
phonegap
|
Apache Cordova 3.3.0 and earlier and Adobe PhoneGap 2.9.0 and earlier do not anchor the end of domain-name regular expressions, which allows remote attackers to bypass a whitelist protection mechanis…
|
CWE-20
Improper Input Validation
|
CVE-2012-6637
|
2024-11-21 10:46 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288599
|
- |
|
google
|
android_api
|
The Android API before 17 does not properly restrict the WebView.addJavascriptInterface method, which allows remote attackers to execute arbitrary methods of Java objects by using the Java Reflection…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6636
|
2024-11-21 10:46 |
2014-03-3 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
288600
|
- |
|
linux
|
linux_kernel
|
The tcp_rcv_state_process function in net/ipv4/tcp_input.c in the Linux kernel before 3.2.24 allows remote attackers to cause a denial of service (kernel resource consumption) via a flood of SYN+FIN …
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2012-6638
|
2024-11-21 10:46 |
2014-02-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
