|
289021
|
- |
|
apache
|
cxf
|
The URIMappingInterceptor in Apache CXF before 2.5.8, 2.6.x before 2.6.5, and 2.7.x before 2.7.2, when using the WSS4JInInterceptor, bypasses WS-Security processing, which allows remote attackers to …
|
CWE-287
Improper Authentication
|
CVE-2012-5633
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289022
|
- |
|
redhat
|
jboss_enterprise_web_platform
jboss_enterprise_application_platform
|
The default configuration of the (1) LdapLoginModule and (2) LdapExtLoginModule modules in JBoss Enterprise Application Platform (EAP) 4.3.0 CP10, 5.2.0, and 6.0.1, and Enterprise Web Platform (EWP) …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-5629
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289023
|
- |
|
redhat
|
aeolus_conductor
|
The Administer tab in Aeolus Conductor allows remote authenticated users to bypass intended quota restrictions by updating the Maximum Running Instances quota user setting.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6118
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289024
|
- |
|
redhat
|
cloudforms_cloud_engine
|
Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to re…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6117
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289025
|
- |
|
inkscape
|
inkscape
|
Inkscape before 0.48.4 reads .eps files from /tmp instead of the current directory, which might cause Inkspace to process unintended files, allow local users to obtain sensitive information, and poss…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6076
|
2024-11-21 10:45 |
2013-03-13 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289026
|
- |
|
ibm
|
tivoli_application_dependency_discovery_manager
|
Cross-site scripting (XSS) vulnerability in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remote authenticat…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5942
|
2024-11-21 10:45 |
2013-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289027
|
- |
|
ibm
|
tivoli_application_dependency_discovery_manager
|
Cross-site scripting (XSS) vulnerability in Welcome.do in the Data Management Portal Web User Interface in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 allows remo…
|
CWE-79
Cross-site Scripting
|
CVE-2012-5939
|
2024-11-21 10:45 |
2013-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289028
|
- |
|
ibm
|
tivoli_application_dependency_discovery_manager
|
The SSL configuration in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.2.x before 7.2.1.4 supports the MD5 hash algorithm, which makes it easier for man-in-the-middle attackers to spo…
|
CWE-16
Configuration
|
CVE-2012-5770
|
2024-11-21 10:45 |
2013-03-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289029
|
- |
|
cisco
|
aironet_access_point_software
|
The HTTP Profiler on the Cisco Aironet Access Point with software 15.2 and earlier does not properly manage buffers, which allows remote attackers to cause a denial of service (device reload) via cra…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-6026
|
2024-11-21 10:45 |
2013-03-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
289030
|
- |
|
katello
|
katello-configure
katello
|
modules/certs/manifests/config.pp in katello-configure before 1.3.3.pulpv2 in Katello uses weak permissions (666) for the Candlepin bootstrap RPM, which allows local users to modify the Candlepin CA …
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-6116
|
2024-11-21 10:45 |
2013-03-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
