|
290461
|
- |
|
google
|
tunnelblick
|
Tunnelblick 3.3beta20 and earlier allows local users to gain privileges by using a crafted Info.plist file to control the gOkIfNotSecure value.
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-4677
|
2024-11-21 10:43 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290462
|
- |
|
google
|
tunnelblick
|
The errorExitIfAttackViaString function in Tunnelblick 3.3beta20 and earlier allows local users to delete arbitrary files by constructing a (1) symlink or (2) hard link, a different vulnerability tha…
|
CWE-59
Link Following
|
CVE-2012-4676
|
2024-11-21 10:43 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290463
|
- |
|
pluxml
|
pluxml
|
Cross-site scripting (XSS) vulnerability in PluXml 5.1.6 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to file update.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4675
|
2024-11-21 10:43 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290464
|
- |
|
pluxml
|
pluxml
|
PluXml before 5.1.6 allows remote attackers to obtain the installation path via the PHPSESSID.
|
CWE-200
Information Exposure
|
CVE-2012-4674
|
2024-11-21 10:43 |
2012-08-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290465
|
- |
|
thomas_hunter
|
neoinvoice
|
SQL injection vulnerability in application/controllers/invoice.php in NeoInvoice might allow remote attackers to execute arbitrary SQL commands via vectors involving the sort_col variable in the list…
|
CWE-89
SQL Injection
|
CVE-2012-4673
|
2024-11-21 10:43 |
2012-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290466
|
- |
|
apple
|
ichat_server
|
Apple iChat Server does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.
|
CWE-20
Improper Input Validation
|
CVE-2012-4672
|
2024-11-21 10:43 |
2012-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290467
|
- |
|
psyced
|
psyced
|
psyced before 20120821 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses for domains that were not asserted.
|
CWE-20
Improper Input Validation
|
CVE-2012-4671
|
2024-11-21 10:43 |
2012-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290468
|
- |
|
tigase
|
tigase_xmpp_server
|
Tigase XMPP Server before 5.1.0 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via a (1) Verify Response or (2) Author…
|
CWE-20
Improper Input Validation
|
CVE-2012-4670
|
2024-11-21 10:43 |
2012-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290469
|
- |
|
isode
|
m-link
|
M-Link R14.6 before R14.6v14 and R15.1 before R15.1v10 does not verify that a request was made for an XMPP Server Dialback response, which allows remote XMPP servers to spoof domains via responses fo…
|
CWE-20
Improper Input Validation
|
CVE-2012-4669
|
2024-11-21 10:43 |
2012-08-26 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
290470
|
- |
|
roundcube
|
webmail
|
Cross-site scripting (XSS) vulnerability in Roundcube Webmail 0.8.1 and earlier allows remote attackers to inject arbitrary web script or HTML via the signature in an email.
|
CWE-79
Cross-site Scripting
|
CVE-2012-4668
|
2024-11-21 10:43 |
2012-08-25 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
