|
291351
|
- |
|
ganglia
|
ganglia-web
|
Unspecified vulnerability in Ganglia Web before 3.5.1 allows remote attackers to execute arbitrary PHP code via unknown attack vectors.
|
NVD-CWE-noinfo
|
CVE-2012-3448
|
2024-11-21 10:40 |
2012-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291352
|
- |
|
php
|
php
|
pdo_sql_parser.re in the PDO extension in PHP before 5.3.14 and 5.4.x before 5.4.4 does not properly determine the end of the query string during parsing of prepared statements, which allows remote a…
|
NVD-CWE-Other
|
CVE-2012-3450
|
2024-11-21 10:40 |
2012-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291353
|
- |
|
puppetlabs
puppet
|
puppet
puppet_enterprise
|
lib/puppet/network/authstore.rb in Puppet before 2.7.18, and Puppet Enterprise before 2.5.2, supports use of IP addresses in certnames without warning of potential risks, which might allow remote att…
|
CWE-287
Improper Authentication
|
CVE-2012-3408
|
2024-11-21 10:40 |
2012-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291354
|
- |
|
siemens
|
synco_ozw_web_server
synco_ozw_web_server_firmware
|
The Siemens Synco OZW Web Server devices OZW672.*, OZW772.*, and OZW775 with firmware before 4 have an unspecified default password, which makes it easier for remote attackers to obtain administrativ…
|
CWE-255
Credentials Management
|
CVE-2012-3020
|
2024-11-21 10:40 |
2012-08-7 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291355
|
- |
|
djangoproject
|
django
|
The get_image_dimensions function in the image-handling functionality in Django before 1.3.2 and 1.4.x before 1.4.1 uses a constant chunk size in all attempts to determine dimensions, which allows re…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-3444
|
2024-11-21 10:40 |
2012-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291356
|
- |
|
djangoproject
|
django
|
The django.forms.ImageField class in the form system in Django before 1.3.2 and 1.4.x before 1.4.1 completely decompresses image data during image validation, which allows remote attackers to cause a…
|
CWE-20
Improper Input Validation
|
CVE-2012-3443
|
2024-11-21 10:40 |
2012-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291357
|
- |
|
djangoproject
|
django
|
The (1) django.http.HttpResponseRedirect and (2) django.http.HttpResponsePermanentRedirect classes in Django before 1.3.2 and 1.4.x before 1.4.1 do not validate the scheme of a redirect target, which…
|
CWE-79
Cross-site Scripting
|
CVE-2012-3442
|
2024-11-21 10:40 |
2012-08-1 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291358
|
- |
|
openstack
|
essex
keystone
horizon
|
OpenStack Keystone before 2012.1.1, as used in OpenStack Folsom before Folsom-1 and OpenStack Essex, does not properly implement token expiration, which allows remote authenticated users to bypass in…
|
CWE-264
Permissions, Privileges, and Access Controls
|
CVE-2012-3426
|
2024-11-21 10:40 |
2012-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291359
|
- |
|
iconics
|
genesis32
bizviz
|
The lockout-recovery feature in the Security Configurator component in ICONICS GENESIS32 9.22 and earlier and BizViz 9.22 and earlier uses an improper encryption algorithm for generation of an authen…
|
CWE-310
Cryptographic Issues
|
CVE-2012-3018
|
2024-11-21 10:40 |
2012-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
291360
|
- |
|
siemens
|
simatic_s7-400_cpu_firmware
simatic_s7-400_cpu_414-3_pn\/dp
simatic_s7-400_cpu_416-3_pn\/dp
simatic_s7-400_cpu_416f-3_pn\/dp
|
Siemens SIMATIC S7-400 PN CPU devices with firmware 5.x allow remote attackers to cause a denial of service (defect-mode transition and service outage) via (1) malformed HTTP traffic or (2) malformed…
|
CWE-119
Incorrect Access of Indexable Resource ('Range Error')
|
CVE-2012-3017
|
2024-11-21 10:40 |
2012-07-31 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
