|
290401
|
- |
|
openstack
|
keystone
|
The (1) OS-KSADM/services and (2) tenant APIs in OpenStack Keystone Essex before 2012.1.2 and Folsom before folsom-2 do not properly validate X-Auth-Token, which allow remote attackers to read the ro…
|
CWE-287
Improper Authentication
|
CVE-2012-4456
|
2024-11-21 10:42 |
2012-10-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290402
|
- |
|
monkey-project
|
monkey
|
Monkey HTTP Daemon 0.9.3 retains the supplementary group IDs of the root account during operations with a non-root effective UID, which might allow local users to bypass intended file-read restrictio…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4442
|
2024-11-21 10:42 |
2012-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290403
|
- |
|
monkey-project
|
monkey
|
Monkey HTTP Daemon 0.9.3 uses a real UID of root and a real GID of root during execution of CGI scripts, which might allow local users to gain privileges by leveraging cgi-bin write access.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4443
|
2024-11-21 10:42 |
2012-10-6 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290404
|
- |
|
finalbeta
|
mywebsearch
|
Cross-site scripting (XSS) vulnerability in Final Beta Laboratory MyWebSearch before 1.23 allows remote attackers to inject arbitrary web script or HTML via the keywords parameter.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4018
|
2024-11-21 10:42 |
2012-10-5 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290405
|
- |
|
mf_gig_calendar_project
|
mf_gig_calendar
|
Cross-site scripting (XSS) vulnerability in the MF Gig Calendar plugin 0.9.2 for WordPress allows remote attackers to inject arbitrary web script or HTML via the query string to the calendar page.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4242
|
2024-11-21 10:42 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290406
|
- |
|
eucalyptus
|
eucalyptus
|
Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to bypass unspecified authorization checks and obtain di…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4065
|
2024-11-21 10:42 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290407
|
- |
|
eucalyptus
|
eucalyptus
|
Eucalyptus before 3.1.1 does not properly restrict the binding of external SOAP web-services messages, which allows remote authenticated users to gain privileges by sending a message to (1) Cloud Con…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4064
|
2024-11-21 10:42 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290408
|
- |
|
eucalyptus
|
eucalyptus
|
The Apache Santuario configuration in Eucalyptus before 3.1.1 does not properly restrict applying XML Signature transforms to documents, which allows remote attackers to cause a denial of service via…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4063
|
2024-11-21 10:42 |
2012-10-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290409
|
- |
|
fedoraproject
|
389_directory_server
|
389 Directory Server 1.2.10 does not properly update the ACL when a DN entry is moved by a modrdn operation, which allows remote authenticated users with certain permissions to bypass ACL restriction…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4450
|
2024-11-21 10:42 |
2012-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290410
|
- |
|
smarty
|
smarty
|
Cross-site scripting (XSS) vulnerability in the SmartyException class in Smarty (aka smarty-php) before 3.1.12 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors t…
|
CWE-79
Cross-site Scripting
|
CVE-2012-4437
|
2024-11-21 10:42 |
2012-10-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
