|
290261
|
- |
|
emc
|
rsa_data_protection_manager_appliance
rsa_data_protection_manager_software_server
|
Cross-site scripting (XSS) vulnerability in EMC RSA Data Protection Manager Appliance and Software Server 2.7.x and 3.x before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4612
|
2024-11-21 10:43 |
2012-11-16 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290262
|
- |
|
dell
|
openmanage_server_administrator
|
Cross-site scripting (XSS) vulnerability in Dell OpenManage Server Administrator (OMSA) before 6.5.0.1, 7.0 before 7.0.0.1, and 7.1 before 7.1.0.1 allows remote attackers to inject arbitrary web scri…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4955
|
2024-11-21 10:43 |
2012-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290263
|
- |
|
vanillaforums
|
vanilla_forums
vanilla
|
The edit-profile page in Vanilla Forums before 2.1a32 allows remote authenticated users to modify arbitrary profile settings by replacing the UserID value during a man-in-the-middle attack, related t…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4954
|
2024-11-21 10:43 |
2012-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290264
|
- |
|
verifone
|
vericentre_web_console
|
Multiple SQL injection vulnerabilities in terminal/paramedit.aspx in VeriFone VeriCentre Web Console before 2.2 build 36 allow remote attackers to execute arbitrary SQL commands via the (1) TerminalI…
|
CWE-89
SQL Injection
|
CVE-2012-4951
|
2024-11-21 10:43 |
2012-11-15 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290265
|
- |
|
symantec
|
antivirus
scan_engine
endpoint_protection
|
The decomposer engine in Symantec Endpoint Protection (SEP) 11.0, Symantec Endpoint Protection Small Business Edition 12.0, Symantec AntiVirus Corporate Edition (SAVCE) 10.x, and Symantec Scan Engine…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-4953
|
2024-11-21 10:43 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290266
|
- |
|
esri
|
arcgis_server
|
SQL injection vulnerability in ESRI ArcGIS 10.1 allows remote authenticated users to execute arbitrary SQL commands via the where parameter to a query URI for a REST service.
|
CWE-89
SQL Injection
|
CVE-2012-4949
|
2024-11-21 10:43 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290267
|
- |
|
fortinet
|
fortigate-3140b
fortigate-60c
fortigate-3040b
fortigate-300c
fortigate-600c
fortigate-5001a-sw
fortigate-3240c
fortigate-310b
fortigate-800c
fortigate-5020
fortigate-100…
|
The default configuration of Fortinet Fortigate UTM appliances uses the same Certification Authority certificate and same private key across different customers' installations, which makes it easier …
|
CWE-295
Improper Certificate Validation
|
CVE-2012-4948
|
2024-11-21 10:43 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290268
|
- |
|
ibm
|
websphere_application_server
|
Cross-site request forgery (CSRF) vulnerability in IBM WebSphere Application Server 6.1 before 6.1.0.45, 7.0 before 7.0.0.25, 8.0 before 8.0.0.5, and 8.5 before 8.5.0.1 allows remote attackers to hij…
|
CWE-352
Origin Validation Error
|
CVE-2012-4853
|
2024-11-21 10:43 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290269
|
- |
|
ibm
|
websphere_application_server
|
Cross-site scripting (XSS) vulnerability in IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1 allows remote attackers to inject arbitrary web script or HTML via a crafted URI.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4851
|
2024-11-21 10:43 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290270
|
- |
|
ibm
|
websphere_application_server
|
IBM WebSphere Application Server 8.5 Liberty Profile before 8.5.0.1, when JAX-RS is used, does not properly validate requests, which allows remote attackers to gain privileges via unspecified vectors.
|
CWE-20
Improper Input Validation
|
CVE-2012-4850
|
2024-11-21 10:43 |
2012-11-14 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
